Closed
Bug 715666
Opened 13 years ago
Closed 13 years ago
premature unloading of softoken crashes libcurl
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.13.2
People
(Reporter: elio.maldonado.batiz, Assigned: elio.maldonado.batiz)
Details
Attachments
(2 files)
1.51 KB, text/x-csrc
1019 bytes, patch (rrelyea: review+)
As reported downstream on RHEL 6.2 by Kamil Dudka:

Kamil Dudka 2012-01-05 14:57:25 EST

Description of problem:
The increment of softokenLoadCount is not in par with its decrement.

Version-Release number of selected component (if applicable):
nss-3.12.10-17.1.el6

How reproducible:
100 %

Steps to Reproduce:
1. run the attached test-case

Actual results:
(gdb) break pk11load.c:600
Breakpoint 1 at 0x3d59c4992c: file pk11load.c, line 600.
(gdb) run
Breakpoint 1, SECMOD_UnloadModule (mod=0x67dae0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
(gdb) display softokenLoadCount
(gdb) continue
Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 3
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x67b9e0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 2
(gdb) print mod->moduleDBFunc
$1 = (void *) 0x330a40ddc0
(gdb) info symbol mod->moduleDBFunc
NSC_ModuleDBFunc in section .text of /usr/lib64/libsoftokn3.so
(gdb) continue
Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 1
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 0
(gdb)
test_instance() succeeded 0/16
Breakpoint 1, SECMOD_UnloadModule (mod=0x6732c0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 3
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x67b9e0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 2
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 1
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 0
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = -1
(gdb)
test_instance() succeeded 1/16
Breakpoint 1, SECMOD_UnloadModule (mod=0x6716b0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 2
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 1
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x63c580) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 0
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = -1
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = -2
(gdb)
test_instance() succeeded 2/16
Breakpoint 1, SECMOD_UnloadModule (mod=0x6e8de0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 1
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0x000000330a40ddc0 in ?? ()
(gdb) up
#1 0x0000003d59c589be in SECMOD_FreeModuleSpecList (module=0x610ba0, moduleSpecList=0x60d110) at pk11pars.c:1077
1077 retString = (*func)(SECMOD_MODULE_DB_FUNCTION_RELEASE,
(gdb) print func
$2 = (SECMODModuleDBFunc) 0x330a40ddc0
(gdb) info symbol func
No symbol matches func.

Comment 1 Kamil Dudka 2012-01-05 15:02:43 EST
Created attachment 551005 a test-case

Comment 2 Kamil Dudka 2012-01-05 15:03:28 EST
Created attachment 551006 a proposed fix

Comment 3 Bob Relyea 2012-01-05 16:36:08 EST
Comment on attachment 551006 a proposed fix
r+ rrelyea
good catch Kamil. elio same drill with upstreaming this patch.
bob
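
The counter drift visible in the gdb trace above can be replayed with a small model. This is an added example, not NSS code and not the attached patch; Replay and replay() are hypothetical names, and the figure of 4 increments against 5 decrements per init/shutdown cycle is inferred from the displayed values, not stated in the report.

```c
#include <stdio.h>

#define CYCLES   4   /* init/shutdown rounds; the trace crashes in the 4th */
#define MAX_DECS 8

/* Simplified model: one load counter replayed over CYCLES rounds. */
typedef struct {
    int seen[CYCLES][MAX_DECS]; /* counter value just before each decrement */
    int zero_at[CYCLES];        /* 1-based decrement that returned 0, 0 if none */
    int pending[CYCLES];        /* module unloads still to run after that point */
} Replay;

/* Each round takes `incs` references, then runs `decs` module unloads.
 * The shared library is dropped by the decrement whose result is 0, the
 * same test as `if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount))`. */
static Replay replay(int incs, int decs)
{
    Replay r = {0};
    int count = 0;

    if (decs > MAX_DECS)
        decs = MAX_DECS;
    for (int c = 0; c < CYCLES; c++) {
        count += incs;
        for (int d = 0; d < decs; d++) {
            r.seen[c][d] = count;          /* what `display` would print */
            if (--count == 0) {            /* library unloaded here */
                r.zero_at[c] = d + 1;
                r.pending[c] = decs - (d + 1);
            }
        }
    }
    return r;
}

int main(void)
{
    Replay bad = replay(4, 5);  /* one decrement too many per round (inferred) */
    Replay ok  = replay(4, 4);  /* balanced: every decrement has an increment */

    for (int c = 0; c < CYCLES; c++)
        printf("round %d: unbalanced hits 0 at unload #%d with %d pending; "
               "balanced at #%d with %d pending\n",
               c, bad.zero_at[c], bad.pending[c], ok.zero_at[c], ok.pending[c]);
    return 0;
}
```

With the unbalanced counts the zero crossing moves one unload earlier every round, and in the fourth round the first decrement already returns 0 while four module unloads are still pending, which is the point where the trace shows the call through func landing in unmapped memory.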

Comment 1 • 13 years ago (Assignee)
This patch was reviewed downstream by Bob.
Attachment #586220 - Flags: review?(rrelyea)

Updated • 13 years ago (Assignee)
Assignee: nobody → emaldona

Comment 2 • 13 years ago
Comment on attachment 586220: Kamil's proposed fix
r+ rrelyea
Attachment #586220 - Flags: review?(rrelyea) → review+

Updated • 13 years ago (Assignee)
Summary: premature unloading of softoken crashes libcur → premature unloading of softoken crashes libcurl

Comment 3 • 13 years ago (Assignee)
Checked in to trunk:
cvs commit -m "Bug 715666 - premature unloading of softoken crashes libcurl, contributed by Kamil Dudka, r=rrelyea" ./mozilla/security/nss/lib/pk11wrap/pk11load.c
Checking in ./mozilla/security/nss/lib/pk11wrap/pk11load.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v <-- pk11load.c
new revision: 1.34; previous revision: 1.33
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED

Updated • 12 years ago
OS: Linux → All
Priority: -- → P1
Hardware: x86_64 → All
Target Milestone: --- → 3.13.2