Fix an SECItem leak in the new ECSignatureCreator class.

crypto/ec_signature_creator_nss.cc

Index: crypto/ec_signature_creator_nss.cc
diff --git a/crypto/ec_signature_creator_nss.cc b/crypto/ec_signature_creator_nss.cc
index 147535b28e9a1d3de08bec3ffa13c141c567bf6d..933f1cccf3d329c033d8240056133bedf9ce1696 100644
--- a/crypto/ec_signature_creator_nss.cc
+++ b/crypto/ec_signature_creator_nss.cc
@@ -18,8 +18,7 @@ namespace crypto {
 
 namespace {
 
-SECStatus SignData(PLArenaPool* arena,
-                   SECItem* result,
+SECStatus SignData(SECItem* result,
                    SECItem* input,
                    SECKEYPrivateKey* key,
                    HASH_HashType hash_type) {
@@ -72,27 +71,23 @@ bool ECSignatureCreator::Sign(const uint8* data,
   secret.len = data_len;
   secret.data = const_cast<unsigned char*>(data);
 
-  // |arena| is used to encode the cert.
-  crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
-  CHECK(arena.get() != NULL);
-
-  // Allocate space to contain the signed data.
-  SECItem* result = SECITEM_AllocItem(arena.get(), NULL, 0);
-  if (!result) {
-    DLOG(ERROR) << "Unable to allocate space for signed data.";
-    return false;
-  }
+  // SECItem to receive the output buffer.
+  SECItem result;
+  result.type = siBuffer;
+  result.len = 0;
+  result.data = NULL;
 
   // Sign the secret data and save it to |result|.
   SECStatus rv =
-      SignData(arena.get(), result, &secret, key_->key(), HASH_AlgSHA1);
+      SignData(&result, &secret, key_->key(), HASH_AlgSHA1);
   if (rv != SECSuccess) {
     DLOG(ERROR) << "DerSignData: " << PORT_GetError();
     return false;
   }
 
   // Copy the signed data into the output vector.
-  signature->assign(result->data, result->data + result->len);
+  signature->assign(result.data, result.data + result.len);
+  SECITEM_FreeItem(&result, PR_FALSE /* only free |result.data| */);

[wtc, 2012/01/31 18:43:57]

You can also just do
  PORT_Free(result.data);
to make this clearer.

   return true;
 }