Closed Bug 333389 Opened 18 years ago Closed 18 years ago

sftk_NewAttribute should not crash when so is NULL [@ sftk_NewAttribute]

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Version:
3.11
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.11.1

People

(Reporter: timeless, Assigned: alvolkov.bgs)

References

(
URL
)

Details

(Keywords: coverity, crash, Whiteboard: CID 228)

Crash Data

Attachments

(1 file)

return null if SFTKSessionObject is NULL
966 bytes, patch
nelson
: review+
Details | Diff | Splinter Review 
Code that uses PORT_Assert expects to die. if it doesn't, it'll crash later.

Unfortunately, PR_ASSERT is only fatal in some builds. If you want to be always fatal, you're supposed to use PR_Assert directly.

See http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/softoken/pkcs11u.c&rev=1.70&mark=64,67-69,83#58

for a case where coverity complained
PORT_Assert is only fatal in DEBUG builds, by design.
I think the essence of this bug report is that, in non-DEBUG builds,
sftk_NewAttribute() crashes when so is NULL, rather failing gracefully.  
Is that assessment of this bug correct?
yes. i kinda presumed that the fault was in PORT_Assert not doing as the code expected. but if PORT_Assert really wants the behavior it has, then i'll gladly morph this bug to what coverity originally implicated instead of what i divined:

if sftk_narrowToSessionObject returns null we crash.
URL: http://bonsai.mozilla.org/cvsblame.cg...http://bonsai.mozilla.org/cvsblame.cg...
Keywords: crash
Summary: PORT_Assert isn't always fatal → [@ sftk_NewAttribute]
Is this crash actually being seen, at all? 
If not, this is P3 at most.
Priority: -- → P3
Summary: [@ sftk_NewAttribute] → sftk_NewAttribute should not crash when so is NULL [@ sftk_NewAttribute]
Version: unspecified → 3.11
if i have steps or talkback bits, i'd include them. the bugs i'm filing w/ coverity keywords are direct from scan.coverity.com w/ their analysis replaced by my hand written bonsai links.

i really don't care when you fix bugs. but in general the coverity bugs i file are simple, and i am semi actively recruiting newbies to work on such bugs, so don't be surprised if someone else posts a patch before you do (especially the longer you take to get to the bug).
Target Milestone: --- → 3.11.1
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED

        Attachment #219802 -
        Flags: review?(rrelyea)

    
    

    
  
Comment on attachment 219802 [details] [diff] [review]
return null if SFTKSessionObject is NULL

r=nelson

        Attachment #219802 -
        Flags: review?(rrelyea) → review+

    
    

    
  
tip:
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11u.c,v  <--  pkcs11u.c
new revision: 1.72; previous revision: 1.71

3.11 branch:
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11u.c,v  <--  pkcs11u.c
new revision: 1.69.2.3; previous revision: 1.69.2.2

Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED

    
    

    
  
Please also check this in on the NSS_3_11_1_BRANCH

    
    

    
  
3.11.1:
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11u.c,v  <--  pkcs11u.c
new revision: 1.69.2.2.2.1; previous revision: 1.69.2.2


    
    

    
  
CID 228
Whiteboard: CID 228
Crash Signature: [@ sftk_NewAttribute]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: