Closed
Bug 1220683
Opened 10 years ago
Closed 10 years ago
Checking return values in mpi.c
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(firefox45 affected)
RESOLVED
FIXED
3.22
| Tracking | Status | |
|---|---|---|
| firefox45 | --- | affected |
People
(Reporter: franziskus, Assigned: franziskus)
References
(Blocks 1 open bug)
Details
(Keywords: coverity)
Attachments
(1 file, 6 obsolete files)
|
4.33 KB,
patch
|
franziskus
:
review+
mt
:
checked-in+
|
Details | Diff | Splinter Review |
mpi.c fails to check several return (error) values. This is captured in coverity bugs 221850, 221851, 221853, 1121981, 221854, 221855, 221856, 221857.
| Assignee | ||
Comment 1•10 years ago
|
||
Attachment #8681987 -
Flags: review?(martin.thomson)
| Assignee | ||
Comment 2•10 years ago
|
||
patch is also here https://codereview.appspot.com/270610043
| Assignee | ||
Comment 3•10 years ago
|
||
forgot to include assert
Attachment #8681987 -
Attachment is obsolete: true
Attachment #8681987 -
Flags: review?(martin.thomson)
| Assignee | ||
Updated•10 years ago
|
Attachment #8682444 -
Flags: review?(martin.thomson)
Comment 4•10 years ago
|
||
Comment on attachment 8682444 [details] [diff] [review]
mpi coverity
Review of attachment 8682444 [details] [diff] [review]:
-----------------------------------------------------------------
::: lib/freebl/mpi/mpi-priv.h
@@ +15,5 @@
> #include "mpi.h"
> #include <stdlib.h>
> #include <string.h>
> #include <ctype.h>
> +#include <assert.h>
I'd move the inclusion here to the .c file.
::: lib/freebl/mpi/mpi.c
@@ +1702,5 @@
>
> ARGCHK(a != NULL, MP_EQ);
>
> + assert(mp_init(&tmp) == MP_OKAY);
> + assert(mp_set_int(&tmp, z) == MP_OKAY);
It's a shame that you need an alloc() call here. I wonder if we could hack around the problem somehow.
Attachment #8682444 -
Flags: review?(martin.thomson)
| Assignee | ||
Comment 5•10 years ago
|
||
moved the include. let's leave mp_cmp_int here, I opened bug 1222908 to rewrite that.
Attachment #8682444 -
Attachment is obsolete: true
Attachment #8684776 -
Flags: review?(martin.thomson)
Comment 6•10 years ago
|
||
Comment on attachment 8684776 [details] [diff] [review]
mpi coverity
Review of attachment 8684776 [details] [diff] [review]:
-----------------------------------------------------------------
::: lib/freebl/mpi/mpi.c
@@ +10,5 @@
> #include "mpi-priv.h"
> #if defined(OSF1)
> #include <c_asm.h>
> #endif
> +#include <limits.h>
why limits and not assert?
@@ +1491,5 @@
> mp_set(&s, 1);
>
> /* mu = b^2k / m */
> + MP_CHECKOK(s_mp_add_d(&mu, 1));
> + MP_CHECKOK(s_mp_lshd(&mu, 2 * USED(m)));
Please try to be consistent with the adjoining code.
Attachment #8684776 -
Flags: review?(martin.thomson) → review+
| Assignee | ||
Comment 7•10 years ago
|
||
r+ carries over.
not sure why I used limits here... changed to assert. Also changed MP_CHECKOK to if != MP_OKAY to make it similar to the adjoining code.
do you check in?
Attachment #8684776 -
Attachment is obsolete: true
Flags: needinfo?(martin.thomson)
Attachment #8685381 -
Flags: review+
| Assignee | ||
Comment 8•10 years ago
|
||
got distracted... r+ carries over
Attachment #8685381 -
Attachment is obsolete: true
Attachment #8685382 -
Flags: review+
| Assignee | ||
Comment 9•10 years ago
|
||
today's not my day... r+ carries over
Attachment #8685382 -
Attachment is obsolete: true
Attachment #8685395 -
Flags: review+
Comment 10•10 years ago
|
||
Comment on attachment 8685395 [details] [diff] [review]
mpi coverity
Review of attachment 8685395 [details] [diff] [review]:
-----------------------------------------------------------------
https://hg.mozilla.org/projects/nss/rev/1ffeb4a97c1c
Attachment #8685395 -
Flags: checked-in+
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(martin.thomson)
Resolution: --- → FIXED
Target Milestone: --- → 3.22
Comment 11•10 years ago
|
||
Martin reported we have test failures:
> cert.sh: #86: Creating EC CA Cert TestCA-ec (5=0) - FAILED
Apprently this change broke the NSS tests when using an optimized build (debug works fine).
I will back out the patch.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 12•10 years ago
|
||
(In reply to Kai Engert (:kaie) from comment #11)
> I will back out the patch.
https://hg.mozilla.org/projects/nss/rev/e8d7d9c23621
Comment 13•10 years ago
|
||
Comment on attachment 8685395 [details] [diff] [review]
mpi coverity
Review of attachment 8685395 [details] [diff] [review]:
-----------------------------------------------------------------
::: lib/freebl/mpi/mpi.c
@@ +1705,5 @@
>
> ARGCHK(a != NULL, MP_EQ);
>
> + assert(mp_init(&tmp) == MP_OKAY);
> + assert(mp_set_int(&tmp, z) == MP_OKAY);
assert() doesn't evaluate the condition at all if NDEBUG is defined, so this would explain the broken opt builds.
Comment 14•10 years ago
|
||
…except that on Windows, -UNDEBUG is added unconditionally in lib/freebl/mpi/target.mk (and -DNDEBUG is added on Linux, which is arguably worse), so a Windows opt build wouldn't reveal the breakage. Is there a reason for that? `hg blame` isn't very helpful.
Comment 15•10 years ago
|
||
I'm not sure that this is worth the extra effort involved. I note that the ARGCHK call returns MP_EQ if the `a` argument is NULL. Maybe we can dump out with MP_EQ if we have memory issues as well. It seems like the worst possible return code, but there you have it.
Attachment #8688143 -
Flags: feedback?(franziskuskiefer)
| Assignee | ||
Comment 16•10 years ago
|
||
Comment on attachment 8688143 [details] [diff] [review]
mp_cmp_int.patch
Review of attachment 8688143 [details] [diff] [review]:
-----------------------------------------------------------------
This is a bit overkill, but works, so lets go with this for now (make sure the other patch is checked in again first).
If we could rewrite ec_GFp_pt_dbl_jac [1] we could just remove mp_cmp_int (it's not used anywhere else), but I don't see a quick way to replace the compare there.
[1] https://github.com/nss-dev/nss/blob/79dd4fc2d52149f59824df5013ecf20fa247ba93/lib/freebl/ecl/ecp_jac.c#L235
::: lib/freebl/mpi/mpi.c
@@ +1723,5 @@
> /*
> This just converts z to an mp_int, and uses the existing comparison
> routines. This is sort of inefficient, but it's not clear to me how
> frequently this wil get used anyway. For small positive constants,
> you can always use mp_cmp_d(), and for zero, there is mp_cmp_z().
you might want to change the comment here
@@ +1733,3 @@
>
> ARGCHK(a != NULL, MP_EQ);
>
nit: whitespace
Attachment #8688143 -
Flags: feedback?(franziskuskiefer) → feedback+
Comment 17•10 years ago
|
||
Well, ec_GFp_pt_dbl_jac could just do the basic check.
MP_SIGN(a) && MP_DIGIT(a, 0) == 3 && for(i = 1; i < MP_USED(a); ++i) !MP_DIGIT(a, i);
Bob, maybe you can offer an opinion here. Do you think we need a generic function, or should I just write the above into ec_GFp_pt_dbl_jac ?
Flags: needinfo?(rrelyea)
| Assignee | ||
Comment 18•10 years ago
|
||
Comment on attachment 8688143 [details] [diff] [review]
mp_cmp_int.patch
moved this to Bug 1222908 to clean up and land the main patch again without asserts in mp_cmp_int.
Attachment #8688143 -
Attachment is obsolete: true
Flags: needinfo?(rrelyea)
| Assignee | ||
Comment 19•10 years ago
|
||
landed it again without the asserts. let's fix the mp_cmp_int in bug 1222908
https://hg.mozilla.org/projects/nss/rev/973d29c1864f
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•