I believe we have many places in the NSS code where we are assuming PR_Free will work on a pointer allocated from the standard C lib. For example, in our headers, PR_Strdup is a macro to strdup (except on Mac). Then we try to free it with PR_Free. This can cause problems especially with the zone allocator. This scenario actually happens in the PKCS#11 module initialization code where the module name gets duplicated. It normally doesn't get exposed because PR_Free maps to free() most of the time, and works. Even with the zone allocator, if we don't find it in the zone map, we fall back to free(). This can mask many problems like double-frees. I actually ran into this on NT because I had a mismatch of runtime libraries for NSS, NSPR and the web server I was running on. NSPR was built in OBJD mode and the free caused an assertion in the MS runtime library. I would suggest that we should have a way to make the zone allocator assert in cases where the block to free isn't found in the zones. For NT we could force that to occur in the OBJD builds since we have to do them anyway. For other platforms I suggest an environment variable. Using that, we can then debug all of our invalid malloc/PR_Malloc vs PR_free/free assumptions and clean up our code.
The PORT_Strdup problem that Julien mentioned has been fixed in bug 131057.
Status: NEW → ASSIGNED
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Set target milestone to NSS 3.5.
Target Milestone: 3.4.1 → 3.5
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
Target Milestone: 3.9
Target Milestone: --- → 3.9
QA Contact: bishakhabanerjee → jason.m.reid