Closed Bug 334458 Opened 18 years ago Closed 18 years ago

Variable "(cache)->sharedCache" tracked as NULL was passed to a function that dereferences it. [@ CloseCache - InitCache]

Categories

(NSS :: Libraries, defect, P2)

Product:
NSS
Component:
Libraries
Version:
3.11
Platform:
All
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.11.3

People

(Reporter: timeless, Assigned: alvolkov.bgs)

References

(
URL
)

Details

(Keywords: coverity, crash, Whiteboard: [CID 203])

Crash Data

Attachments

(1 file)

fix
1.94 KB, patch
nelson
: review+
Details | Diff | Splinter Review 
found by coverity
Target Milestone: --- → 3.11.1
Priority: -- → P2
Hardware: PC → All
Does not look like a bug to me. 

sharedCache and cacheMem both get assigned to NULL/0 in the beginning of InitCache function. 
939     cache->shared = shared;
940     cache->cacheMem    = cacheMem    = NULL;
941     cache->cacheMemMap = cacheMemMap = NULL;
942     cache->sharedCache = (cacheDesc *)0;

Later in the same function, both variable get set to cacheMem, but only after cacheMem allocation is successful.

1071     cache->cacheMem    = cacheMem;
1072     cache->sharedCache = (cacheDesc *)cacheMem;

Therefore it is sufficient to verify that cacheMem is not NULL to proceed with 
dereferencing of sharedCache in function CloseCash.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
In this function, there are some lines of code that look like this:
     cfn = PR_smprintf( ...

PR_smprintf allocates the memory it returns. 
If it fails to allocate that memory (out of memory), 
then the code below it goes to loser 
with (cache)->sharedCache still NULL.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Assignee: nobody → alexei.volkov.bugs
Status: REOPENED → NEW
Target Milestone: 3.11.1 → 3.11.2
Coverity CID 203
Whiteboard: [CID 203]
Retargetting all P2s to 3.11.3 .
Target Milestone: 3.11.2 → 3.11.3
Attached patch fixSplinter Review 

        Attachment #226831 -
        Flags: review?(nelson)

    
    

    
  
Comment on attachment 226831 [details] [diff] [review]
fix

r=nelson

        Attachment #226831 -
        Flags: review?(nelson) → review+

    
    

    
  
tip:
new revision: 1.38; previous revision: 1.37

3.11 branch:
new revision: 1.36.2.2; previous revision: 1.36.2.1

Assignee: alexei.volkov.bugs → nobody

    
    

    
  
tip:
new revision: 1.38; previous revision: 1.37

3.11 branch:
new revision: 1.36.2.2; previous revision: 1.36.2.1

Assignee: nobody → alexei.volkov.bugs

    
  
Status: NEW → RESOLVED
Closed: 18 years ago18 years ago
Resolution: --- → FIXED
Crash Signature: [@ CloseCache - InitCache]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: