Closed
Bug 501322
Opened 15 years ago
Closed 15 years ago
Crash [@ _VEC_memzero] during shutdown
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 492385
People
(Reporter: mayhemer, Assigned: mayhemer)
Details
Attachments
(1 file)
1.55 KB,
patch
  msvcr80d.dll!_VEC_memzero(void * dst=0x00000000, int val=-1414812757, int len=1242616) + 0x6a bytes C
> nssutil3.dll!PORT_ZFree_Util(void * ptr=0xfdfdfdfd, unsigned int len=0) Line 160 + 0xf bytes C
  nssutil3.dll!PORT_ZFree_Util(void * ptr=0xfdfdfdfd, unsigned int len=2880154539) Line 160 + 0xf bytes C
  nssutil3.dll!SECITEM_ZfreeItem_Util(SECItemStr * zap=0x068fc8d0, int freeit=1) Line 277 + 0x13 bytes C
  nss3.dll!NamedCRLCacheEntry_Destroy(NamedCRLCacheEntryStr * entry=0x068fda78) Line 1319 + 0xe bytes C
  nss3.dll!FreeNamedEntries(PLHashEntry * he=0x04bf7f00, int i=0, void * arg=0x0012f660) Line 1372 + 0x9 bytes C
  plds4.dll!PL_HashTableEnumerateEntries(PLHashTable * ht=0x0510b978, int (PLHashEntry *, int, void *)* f=0x019c60a0, void * arg=0x0012f660) Line 406 + 0xf bytes C
  nss3.dll!ShutdownCRLCache() Line 1424 + 0x15 bytes C
  nss3.dll!NSS_Shutdown() Line 883 C
  pipnss.dll!nsNSSComponent::ShutdownNSS() Line 1752 + 0x5 bytes C++
  pipnss.dll!nsNSSComponent::DoProfileBeforeChange(nsISupports * aSubject=0x04cdfbc8) Line 2505 + 0x8 bytes C++
  pipnss.dll!nsNSSComponent::Observe(nsISupports * aSubject=0x04cdfbc8, const char * aTopic=0x1003e33c, const wchar_t * someData=0x1003efa4) Line 2057 + 0xf bytes C++
  xpcom_core.dll!nsObserverList::NotifyObservers(nsISupports * aSubject=0x04cdfbc8, const char * aTopic=0x1003e33c, const wchar_t * someData=0x1003efa4) Line 129 C++
  xpcom_core.dll!nsObserverService::NotifyObservers(nsISupports * aSubject=0x04cdfbc8, const char * aTopic=0x1003e33c, const wchar_t * someData=0x1003efa4) Line 184 C++
  xul.dll!nsXREDirProvider::DoShutdown() Line 878 C++
  xul.dll!ScopedXPCOMStartup::~ScopedXPCOMStartup() Line 993 C++
  xul.dll!XRE_main(int argc=3, char * * argv=0x00d1b1f8, const nsXREAppData * aAppData=0x00d1b940) Line 3388 C++
  firefox.exe!NS_internal_main(int argc=3, char * * argv=0x00d1b1f8) Line 156 + 0x12 bytes C++
  firefox.exe!wmain(int argc=3, wchar_t * * argv=0x00d10fe8) Line 110 + 0xd bytes C++
  firefox.exe!__tmainCRTStartup() Line 594 + 0x19 bytes C
  firefox.exe!wmainCRTStartup() Line 414 C
  kernel32.dll!7c817077()
  [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]
  js3250.dll!nanojit::live(avmplus::GC * gc=0x0069006c, nanojit::LirBuffer * lirbuf=0x004b0063) Line 1555 + 0x13 bytes C++

- entry 0x068fda78 {canonicalizedName=0x04d175a0 crl=0x068fc8d0 inCRLCache=0 ...} NamedCRLCacheEntryStr *
  - canonicalizedName 0x04d175a0 {type=siBuffer data=0x068e0d18 "†(http://crl.globalsign.net/ExtendVal1.crlýýýý««««««««îþ" len=42 } SECItemStr *
      type siBuffer SECItemType
    - data 0x068e0d18 "†(http://crl.globalsign.net/ExtendVal1.crlýýýý««««««««îþ" unsigned char *
        134 '†' unsigned char
      len 42 unsigned int
  - crl 0x068fc8d0 {type=66439740 data=0xfdfdfdfd <Bad Ptr> len=2880154539 } SECItemStr *
      type 66439740 SECItemType
>   - data 0xfdfdfdfd <Bad Ptr> unsigned char *
        CXX0030: Error: expression cannot be evaluated
      len 2880154539 unsigned int
    inCRLCache 0 int
    successfulInsertionTime 0 __int64
    lastAttemptTime 1246354174550000 __int64
    badDER 1 int
    dupe 0 int
    unsupported 0 int

mozilla-central debug build, during reproduction of bug 473197 in test env described in comment 14 of that bug at shutdown. The pointer is invalid (not just null).
Comment 1 • 15 years ago (Assignee)
See http://www.samblackburn.com/wfc/technotes/WTN006.htm
Comment 2 • 15 years ago (Assignee)
Also crashes in area of feeefeee.
Comment 3 • 15 years ago (Assignee)
This is a patch on the hg mozilla-central repo. It can easily be turned into a CVS nss trunk patch. When we fail to add a crl entry we free the entry->crl member with SECITEM_ZfreeItem but we leave the invalid pointer in the entry structure. When it's going to be freed we crash. It seems this problem has been there from the very beginning...
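The sequence comment 3 describes (free entry->crl on a failed add, leave the pointer in place, free it again at shutdown), as an added C example that is not part of the bug report and is not NSS code. Item, Entry, the ledger allocator and every function name are hypothetical stand-ins; the ledger counts the second free instead of executing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for SECItem / NamedCRLCacheEntry; not NSS code. */
typedef struct { unsigned char data[16]; } Item;
typedef struct { Item *crl; } Entry;
/* Ledger of live blocks, so a stale free is counted instead of executed. */
static void *live[8];
static int stale_frees;
static void *t_alloc(size_t n) {
    void *p = calloc(1, n);
    for (int i = 0; p && i < 8; i++)
        if (!live[i]) return live[i] = p;
    free(p);                               /* calloc failed or ledger full */
    return NULL;
}
/* Zeroize and free p only if the ledger says it is live; returns 1 if freed. */
static int t_zfree(void *p, size_t n) {
    for (int i = 0; p && i < 8; i++)
        if (live[i] == p) { memset(p, 0, n); live[i] = NULL; free(p); return 1; }
    return 0;
}
static void item_zfree(Item *it) {
    if (it && !t_zfree(it, sizeof *it)) stale_frees++;  /* real code writes freed memory */
}
/* Failed insert releases the CRL; null_after_free=0 leaves the stale pointer. */
static void entry_add_failed(Entry *e, int null_after_free) {
    item_zfree(e->crl);
    if (null_after_free) e->crl = NULL;    /* reset at the site that frees */
}
static void entry_destroy(Entry *e) {      /* shutdown path */
    if (e->crl) item_zfree(e->crl);
    t_zfree(e, sizeof *e);
}
/* Returns how many stale frees the shutdown path attempted, or -1 on OOM. */
int run_scenario(int null_after_free) {
    Entry *e = t_alloc(sizeof *e);
    if (!e) return -1;
    e->crl = t_alloc(sizeof *e->crl);
    stale_frees = 0;
    entry_add_failed(e, null_after_free);
    entry_destroy(e);
    return stale_frees;
}
int main(void) {
    printf("stale kept: %d, nulled: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```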
Comment on attachment 386004 [details] [diff] [review] v1 >@@ -1310,24 +1310,26 @@ static SECStatus NamedCRLCacheEntry_Dest > if (!entry) > return SECFailure; > if (entry->crl) >+ entry->crl = NULL; > if (entry->canonicalizedName) >+ entry->canonicalizedName = NULL; > PORT_Free(entry); surely this isn't needed, as the structure is being destroyed/freed.
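Review bot: In NamedCRLCacheEntry_Destroy, the two added assignments (entry->crl = NULL; and entry->canonicalizedName = NULL;) write to a structure that PORT_Free(entry) releases immediately afterwards, so nothing can observe them, and they do not stop Destroy from being entered with entry->crl already dangling, which is the state the stack trace shows. The reset belongs on the path that frees entry->crl after a failed add, so that the pointer is NULL by the time the if (entry->crl) check here runs.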
Updated•15 years ago
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Comment 6 • 15 years ago
Comment on attachment 386004 v1: removing review request. This is already fixed on trunk.
Attachment #386004 -
Flags: review?(nelson)