Open
Bug 298938
Opened 19 years ago
Updated 2 years ago
SECITEM_ReallocItem fails if newlen < oldlen and arena non-null
Categories: NSS :: Libraries, defect, P3
Tracking: Not tracked
Status: NEW
People: Reporter: nelson, Unassigned
This bug reports several errors. I know that's bad bugzilla practice. Depending on how one is fixed, the others may or may not need fixing. I found this by examining code while reviewing a patch for bug 298906.

First, PORT_ArenaGrow asserts that newsize >= oldsize, but doesn't take any action in optimized builds to prevent the problem. If (as it appears to me) PL_ARENA_GROW can't stand negative numbers for the last argument, then PORT_ArenaGrow should ensure that it NEVER passes them to PL_ARENA_GROW, not even in optimized builds. Perhaps PORT_ArenaGrow should just treat oldsize > newsize as a trivial success case, and not assert, but simply return ptr without taking any action.

Second, when the arena argument is non-NULL, SECITEM_ReallocItem calls PL_ARENA_GROW without first checking that oldlen <= newlen. In this case (arena non-NULL, oldlen > newlen), the function should probably just leave item->data unchanged. And of course, this function should set item->len to the new value when it succeeds. If PORT_ArenaGrow is fixed to treat new < old as a success, then perhaps there is no further fix needed for this issue in SECITEM_ReallocItem.

Perhaps the part of this bug regarding SECITEM_ReallocItem should be combined with bug 298649, and this bug should be only about PORT_ArenaGrow.
Reporter, updated 18 years ago
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
Reporter, updated 18 years ago
Priority: -- → P3
Updated 2 years ago
Severity: normal → S3
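
A minimal C model of the behaviour the report proposes, added here as an illustration and not NSS or NSPR code. The names toy_arena, toy_item, toy_grow_raw, toy_arena_grow and toy_item_realloc are hypothetical stand-ins for the arena pool, SECItem, PL_ARENA_GROW, PORT_ArenaGrow and SECITEM_ReallocItem, and the model assumes the grow primitive takes an unsigned increment.

```c
#include <stddef.h>
#include <string.h>

/* Toy bump arena and item: hypothetical stand-ins, not NSS/NSPR types. */
typedef struct { unsigned char buf[256]; size_t used; } toy_arena;
typedef struct { unsigned char *data; size_t len; } toy_item;

static void *toy_alloc(toy_arena *a, size_t n) {
    if (n > sizeof a->buf - a->used) return NULL;
    void *p = a->buf + a->used;
    a->used += n;
    return p;
}

/* Grow primitive with an unsigned increment (assumption of this model).
 * A caller that computes newsize - oldsize with newsize < oldsize hands
 * it a wrapped, huge value. */
static void *toy_grow_raw(toy_arena *a, void *p, size_t size, size_t incr) {
    if (incr > sizeof a->buf - a->used) return NULL;
    if ((unsigned char *)p + size == a->buf + a->used) {
        a->used += incr;            /* last allocation: extend in place */
        return p;
    }
    void *q = toy_alloc(a, size + incr);
    if (q) memcpy(q, p, size);
    return q;
}

/* Guarded wrapper: a shrink is a trivial success in every build type, so
 * the primitive never sees a wrapped increment (no assert-only check). */
void *toy_arena_grow(toy_arena *a, void *p, size_t oldsize, size_t newsize) {
    if (newsize <= oldsize) return p;
    return toy_grow_raw(a, p, oldsize, newsize - oldsize);
}

/* Arena-backed item realloc: data is left in place on a shrink and len is
 * set to the new value whenever the call succeeds. */
int toy_item_realloc(toy_arena *a, toy_item *it, size_t newlen) {
    void *p = it->data ? toy_arena_grow(a, it->data, it->len, newlen)
                       : toy_alloc(a, newlen);
    if (!p) return -1;
    it->data = p;
    it->len = newlen;
    return 0;
}
```

In this model, calling toy_grow_raw directly with newsize - oldsize on a shrink fails because the increment wraps around; routing every call through toy_arena_grow removes that case.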