292023 - nssArenaHashAllocOps claims using NSSArena but actually doesn't.

Status: NEW

(NSS :: Libraries, defect, P5)

Description

[Wan-Teh Chang]

In lib/base/hashops.c, we have (null 'arena'
checks omitted for brevity):

/*
 * hashops.c
 *
 * This file includes a set of PLHashAllocOps that use NSSArenas.
 */

static void * PR_CALLBACK
nss_arena_hash_alloc_table
(
  void *pool,
  PRSize size
)
{
  NSSArena *arena = (NSSArena *)NULL;

  return nss_ZAlloc(arena, size);
}

static void PR_CALLBACK
nss_arena_hash_free_table
(
  void *pool, 
  void *item
)
{
  (void)nss_ZFreeIf(item);
}

static PLHashEntry * PR_CALLBACK
nss_arena_hash_alloc_entry
(
  void *pool,
  const void *key
)
{
  NSSArena *arena = NULL;

  return nss_ZNEW(arena, PLHashEntry);
}

static void PR_CALLBACK
nss_arena_hash_free_entry
(
  void *pool,
  PLHashEntry *he,
  PRUintn flag
)
{
  if( HT_FREE_ENTRY == flag ) {
    (void)nss_ZFreeIf(he);
  }
}

NSS_IMPLEMENT_DATA PLHashAllocOps 
nssArenaHashAllocOps = {
  nss_arena_hash_alloc_table,
  nss_arena_hash_free_table,
  nss_arena_hash_alloc_entry,
  nss_arena_hash_free_entry
};

This is used like this:

   rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash,
     PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena);

So an arena is passed as the 'pool' argument to those four
PLHashAllocOps callback functions, but they all ignore their
'pool' argument!

The obvious fix is to replace the line

  NSSArena *arena = (NSSArena *)NULL;

by

  NSSArena *arena = (NSSArena *)pool;

But I am worried this will cause some latent bug
to surface.

Alternatively, we can change the comment and identifier
names to reflect the code.

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

The bug assignee is inactive on Bugzilla, so the assignee is being reset.