Closed Bug 204067 Opened 21 years ago Closed 21 years ago

Creating "@mozilla.org/nsCMSEncoder;1" and then deleting it crashes because m_ecx isn't initialized

Categories

(Core Graveyard :: Security: UI, defect)

Other Branch
x86
Linux
defect
Not set
minor

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: timeless, Assigned: timeless)

Details

(Keywords: crash, fixed1.4.1)

Attachments

(1 file)

./run-mozilla.sh ./xpcshell
Components.classes["@mozilla.org/nsCMSEncoder;1"].createInstance()
quit()

Program received signal SIGSEGV, Segmentation fault.
0x40426108 in NSS_CMSEncoder_Cancel () from ./libsmime3.so
(gdb) where
#0  0x40426108 in NSS_CMSEncoder_Cancel () from ./libsmime3.so
#1  0x403f8aa0 in nsCMSEncoder::destructorSafeDestroyNSSReference (
    this=0x810f388)
    at /mnt/ibm/mozhack/mozilla/security/manager/ssl/src/nsCMS.cpp:883
#2  0x403f89ca in nsCMSEncoder::~nsCMSEncoder (this=0x810f388, __in_chrg=3)
    at /mnt/ibm/mozhack/mozilla/security/manager/ssl/src/nsCMS.cpp:867
#3  0x403f8856 in nsCMSEncoder::Release (this=0x810f388)
    at /mnt/ibm/mozhack/mozilla/security/manager/ssl/src/nsCMS.cpp:855

(gdb) up
#1  0x403f8aa0 in nsCMSEncoder::destructorSafeDestroyNSSReference (
    this=0x810f388)
    at /mnt/ibm/mozhack/mozilla/security/manager/ssl/src/nsCMS.cpp:883
883         NSS_CMSEncoder_Cancel(m_ecx);
(gdb) print m_ecx
$3 = (NSSCMSEncoderContext *) 0x181f1
(gdb) print *m_ecx
$4 = <incomplete type>
(gdb) x/wa *(void**)m_ecx
Cannot access memory at address 0x181f1
Attachment #122203 - Flags: superreview?(kin)
Attachment #122203 - Flags: review?(kaie)
Comment on attachment 122203 [details] [diff] [review]
patch from rginda

sr=kin@netscape.com
Attachment #122203 - Flags: superreview?(kin) → superreview+
Comment on attachment 122203 [details] [diff] [review]
patch from rginda

r=kaie

Thanks for the fix.
Attachment #122203 - Flags: review?(kaie) → review+
checked in
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Verified per comments 3 and 4
Status: RESOLVED → VERIFIED
Argh. This bug missed the 1.4 branch! :-(
Flags: blocking1.4.x?
Attachment #122203 - Flags: approval1.4.x?
Blocks: stable1.4
Comment on attachment 122203 [details] [diff] [review]
patch from rginda

a=mkaply for 1.4.1
Attachment #122203 - Flags: approval1.4.x? → approval1.4.x+
Please add the fixed1.4.1 keyword when this is checked in.
Flags: blocking1.4.x? → blocking1.4.x+
Keywords: fixed1.4.1
Blocks: 224532
Product: PSM → Core
Product: Core → Core Graveyard
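
The bug class named in the title, modelled as an added example (this is not the patch attached to this bug and not Mozilla or NSS code): EncoderContext, encoder_start, encoder_cancel, EncoderUnsafe and EncoderSafe are hypothetical stand-ins. It contrasts a handle member that is never initialized with one held in a smart pointer, so that create-then-destroy never reaches the cancel call.

```cpp
#include <cstdio>
#include <memory>

// Hypothetical stand-ins for an opaque C encoder handle and its start/cancel API.
struct EncoderContext { int unused; };
static int g_cancel_calls = 0;
EncoderContext* encoder_start() { return new EncoderContext{0}; }
void encoder_cancel(EncoderContext* ctx) { ++g_cancel_calls; delete ctx; }

// The failing shape (shown for contrast, never instantiated here): the
// constructor leaves m_ecx indeterminate, so the destructor hands whatever
// bytes were in that memory to the cancel routine. A null check alone would
// not help, because a garbage value such as 0x181f1 is non-null.
class EncoderUnsafe {
public:
    EncoderUnsafe() {}
    ~EncoderUnsafe() { if (m_ecx) encoder_cancel(m_ecx); }
private:
    EncoderContext* m_ecx;
};

// Hardened shape: the handle lives in a unique_ptr, which is always null
// until start() succeeds and calls the deleter only for a non-null handle.
struct CancelDeleter {
    void operator()(EncoderContext* ctx) const { encoder_cancel(ctx); }
};
class EncoderSafe {
public:
    void start() { m_ecx.reset(encoder_start()); }
private:
    std::unique_ptr<EncoderContext, CancelDeleter> m_ecx;
};

// Create-then-destroy, the sequence from the xpcshell reproduction.
int cancels_after_create_destroy() {
    g_cancel_calls = 0;
    { EncoderSafe e; }
    return g_cancel_calls;
}
// Start-then-destroy: the in-flight context is cancelled exactly once.
int cancels_after_start_destroy() {
    g_cancel_calls = 0;
    { EncoderSafe e; e.start(); }
    return g_cancel_calls;
}
int main() {
    std::printf("create/destroy: %d cancel call(s)\n", cancels_after_create_destroy());
    std::printf("start/destroy:  %d cancel call(s)\n", cancels_after_start_destroy());
}
```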