Closed Bug 1317959 Opened 3 years ago Closed 2 years ago
Sanitizer | leak at PL _Arena Allocate, PORT _Arena Alloc _Util, PORT _Arena ZAlloc _Util, CERT _Dist Names From Cert List
This started 1.5 days ago and has already hit beta. If it's a code regression, then it should be from this push: https://treeherder.mozilla.org/#/jobs?repo=mozilla-beta&revision=bcafa3ea224b818b4ffb165da4fa7a51f3d80280 Nils, could this be a regression from bug 1316261?
(In reply to Sebastian Hengst [:aryx][:archaeopteryx] (needinfo on intermittent or backout) from comment #1) > This started 1.5 days ago and has already hit beta. If it's a code > regression, then it should be from this push: > https://treeherder.mozilla.org/#/jobs?repo=mozilla- > beta&revision=bcafa3ea224b818b4ffb165da4fa7a51f3d80280 > > Nils, could this be a regression from bug 1316261? Yes that looks very plausible. Looking if/how we can fix that...
Martin it looks to me like someone needs to call CERT_FreeDistNames() on the new trust anchor we set in bug 1316261. But CERT_FreeDistNames is not exported by NSS. And I guess it would actually make more sense if NSS frees this stuff itself then the caller of SSL_SetTrustAnchors(). But that would mean this a NSS bug. What do you think?
I can confirm that this is an NSS bug. The fix is relatively simple, but it will take a while to work its way into gecko. If we're uplifting, where do you need/want to uplift? I need to know this so that I can patch NSS on the appropriate branches.
Flags: needinfo?(martin.thomson) → needinfo?(drno)
(In reply to Martin Thomson [:mt:] from comment #5) > I can confirm that this is an NSS bug. The fix is relatively simple, but it > will take a while to work its way into gecko. If we're uplifting, where do > you need/want to uplift? I need to know this so that I can patch NSS on the > appropriate branches. Since bug 1316261 has landed now on 52 and 53 these are the two which need to be fixed I guess. I guess in ideal case we would want to try to uplift to 51 again. And we have the request for uplift to ESR 45. But I don't know if that is feasible given that this now involves a NSS change.
We now need NSS 3.28 in order to land this. Since Firefox 51 uses NSS 3.27, we would need a new NSS release to land that there. Nils, do you want me to push for a new NSS release?
Depends on: 1305970
My guess would be that enterprises who are affected by bug 1316261 would be more concerned about the ESR 45 release, then simply having to wait (6 weeks ?) for the 52 rather than the 51 release. But I have no idea what it takes to update NSS on ESR. I'm assuming that is an even bigger task. If that is the case then I'm alright with shipping this in 52 as the earliest release.
2 years ago
2 years ago
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.