Closed Bug 1649322 Opened 1 year ago Closed 1 year ago

null pointer passed as argument 2, which is declared to never be null in src/security/nss/lib/pk11wrap/pk11pbe.c:1246

Categories: NSS :: Libraries, defect
Version: 3.54
Tracking: firefox79 wontfix, firefox80 fixed
Status: RESOLVED FIXED
People: Reporter: tsmith, Assigned: beurdouche
References: Blocks 1 open bug
Attachments: 2 files

This can be triggered with xpcshell tests. To enable this check, add the following to your mozconfig:
ac_add_options --enable-undefined-sanitizer="nonnull-attribute"

src/security/nss/lib/pk11wrap/pk11pbe.c:1246:40: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:47:28: note: nonnull attribute specified here
    #0 0x7ff8d91b2d7f in PK11_CreatePBEParams src/security/nss/lib/pk11wrap/pk11pbe.c:1246:5
    #1 0x7ff8f25c85c8 in sec_pkcs12_decoder_verify_mac src/security/nss/lib/pkcs12/p12d.c:1352:14
    #2 0x7ff8f25c85c8 in SEC_PKCS12DecoderVerify src/security/nss/lib/pkcs12/p12d.c:1505:20
    #3 0x7ff8e983a959 in nsPKCS12Blob::ImportFromFile(nsIFile*, nsTSubstring<char16_t> const&, unsigned int&) src/security/manager/ssl/nsPKCS12Blob.cpp:71:19
    #4 0x7ff8e983a2f4 in nsNSSCertificateDB::ImportPKCS12File(nsIFile*, nsTSubstring<char16_t> const&, unsigned int*) src/security/manager/ssl/nsNSSCertificateDB.cpp:795:13
    #5 0x7ff8df38e291 in NS_InvokeByIndex src/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_x86_64_unix.S:106
    #6 0x7ff8e0d65406 in Invoke src/js/xpconnect/src/XPCWrappedNative.cpp:1618:10
    #7 0x7ff8e0d65406 in Call src/js/xpconnect/src/XPCWrappedNative.cpp:1174:19
    #8 0x7ff8e0d65406 in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) src/js/xpconnect/src/XPCWrappedNative.cpp:1140:23
    #9 0x7ff8e0d6a352 in XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) src/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:946:10
    #10 0x7ff8e9ff7697 in CallJSNative src/js/src/vm/Interpreter.cpp:484:13
    #11 0x7ff8e9ff7697 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:576:12
    #12 0x7ff8e9ff9788 in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:639:10
    #13 0x7ff8e9fe17ab in CallFromStack src/js/src/vm/Interpreter.cpp:643:10
    #14 0x7ff8e9fe17ab in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3298:16
    #15 0x7ff8e9fc6f96 in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:456:10
    #16 0x7ff8e9ff777a in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:611:13
    #17 0x7ff8e9ff9788 in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:639:10
    #18 0x7ff8eae8769f in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) src/js/src/jit/BaselineIC.cpp:2992:10
    #19 0x3adcc9f1bbc7  (<unknown module>)
Assignee: nobody → bbeurdouche
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 3.55

Unfortunately this patch breaks a test on uplift. We should just scope the check down to the memcpy on that line.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Flags: needinfo?(bbeurdouche)
Flags: needinfo?(bbeurdouche)
Status: REOPENED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
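The sanitizer report above and the follow-up comment describe one pattern: a (data, len) item whose empty form is encoded as a NULL pointer with length zero reaches memcpy, whose glibc declaration carries a nonnull attribute, so UBSan's nonnull-attribute check fires even though no byte is read. The following is an added example, not NSS's code and not the patch attached to this bug; the item_t and pbe_params_t types and the copy_salt_* helper names are hypothetical stand-ins for the PK11_CreatePBEParams salt-copy shape. It shows the unguarded form beside a fix scoped to the memcpy itself, so that an empty salt is still accepted while an inconsistent item (NULL data with a non-zero length) is rejected rather than copied.

```c
/* Added example (not NSS code): the NULL-source memcpy pattern flagged by
 * -fsanitize=nonnull-attribute, unguarded and guarded.
 * Assumptions: item_t, pbe_params_t and the helper names are hypothetical. */
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for an NSS-style (data, len) item. */
typedef struct {
    unsigned char *data;
    size_t len;
} item_t;

#define SALT_MAX 32

typedef struct {
    unsigned char salt[SALT_MAX];
    size_t salt_len;
} pbe_params_t;

/* Unguarded form. An empty item passed as data == NULL, len == 0 reaches
 * memcpy with a NULL source. glibc declares memcpy's pointer arguments
 * nonnull, so this is undefined behaviour regardless of len == 0, and it
 * is exactly what the nonnull-attribute sanitizer reports. Kept here for
 * reading; it is not exercised below. */
int copy_salt_unguarded(pbe_params_t *out, const item_t *salt)
{
    if (salt->len > SALT_MAX)
        return -1;
    memcpy(out->salt, salt->data, salt->len);   /* UB when salt->data == NULL */
    out->salt_len = salt->len;
    return 0;
}

/* Guarded form: the check is scoped to the memcpy call, as the bug comment
 * suggests, so an empty salt remains a valid input. */
int copy_salt_guarded(pbe_params_t *out, const item_t *salt)
{
    if (salt->len > SALT_MAX)
        return -1;
    if (salt->len > 0) {
        if (salt->data == NULL)
            return -1;                 /* a non-empty item must carry data */
        memcpy(out->salt, salt->data, salt->len);
    }
    out->salt_len = salt->len;
    return 0;
}

/* Small drivers over constructed inputs so the behaviour can be checked. */
int guarded_empty_salt(void)
{
    pbe_params_t p;
    item_t empty = { NULL, 0 };            /* constructed: empty item */
    return copy_salt_guarded(&p, &empty);  /* 0: accepted, nothing copied */
}

int guarded_null_with_len(void)
{
    pbe_params_t p;
    item_t bad = { NULL, 8 };              /* constructed: inconsistent item */
    return copy_salt_guarded(&p, &bad);    /* -1: rejected before memcpy */
}

int guarded_copy_len(void)
{
    pbe_params_t p;
    unsigned char s[4] = { 1, 2, 3, 4 };   /* constructed salt bytes */
    item_t salt = { s, sizeof s };
    if (copy_salt_guarded(&p, &salt) != 0)
        return -1;
    /* 4 bytes copied and they match: 4 + 100 */
    return (int)p.salt_len + (memcmp(p.salt, s, sizeof s) == 0 ? 100 : 0);
}
```

Building with -fsanitize=nonnull-attribute (the same check the mozconfig line above enables) reports the unguarded function on the empty-item case and stays silent on the guarded one; the guard costs nothing on the normal path and does not change the accepted input set.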