Closed Bug 334458 Opened 19 years ago Closed 18 years ago

Variable "(cache)->sharedCache" tracked as NULL was passed to a function that dereferences it. [@ CloseCache - InitCache]

Categories

(NSS :: Libraries, defect, P2)

3.11
All
Linux
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.11.3

People

(Reporter: timeless, Assigned: alvolkov.bgs)

Details

(Keywords: coverity, crash, Whiteboard: [CID 203])

Attachments

(1 file)

found by coverity
Target Milestone: --- → 3.11.1
Priority: -- → P2
Hardware: PC → All
Does not look like a bug to me. 

sharedCache and cacheMem both get assigned to NULL/0 at the beginning of the InitCache function.

     cache->shared = shared;
     cache->cacheMem    = cacheMem    = NULL;
     cache->cacheMemMap = cacheMemMap = NULL;
     cache->sharedCache = (cacheDesc *)0;

Later in the same function, both variables get set to cacheMem, but only after cacheMem allocation is successful.

     cache->cacheMem    = cacheMem;
     cache->sharedCache = (cacheDesc *)cacheMem;

Therefore it is sufficient to verify that cacheMem is not NULL to proceed with
dereferencing of sharedCache in function CloseCache.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
In this function, there are some lines of code that look like this:
     cfn = PR_smprintf( ...

PR_smprintf allocates the memory it returns. 
If it fails to allocate that memory (out of memory), 
then the code below it goes to loser 
with (cache)->sharedCache still NULL.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Assignee: nobody → alexei.volkov.bugs
Status: REOPENED → NEW
Target Milestone: 3.11.1 → 3.11.2
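
The failure path described in the comment above, as an added example that is not from this bug or from NSS: a constructed C model in which an early allocation failure reaches the cleanup routine while the shared pointer is still NULL, with an unguarded and a guarded cleanup side by side. All type and function names (cache_t, shared_hdr, init_cache, close_cache, close_cache_unguarded, fail_early) are hypothetical, and the guard shown is an assumption, not the attached patch.

```c
#include <stdlib.h>

/* Constructed model of the pattern in this bug; hypothetical names, not NSS code. */
typedef struct { int refs; } shared_hdr;
typedef struct {
    char       *mem;     /* backing allocation, NULL until it succeeds */
    shared_hdr *shared;  /* aliases mem, so it is also NULL until then */
} cache_t;

/* Unguarded cleanup: fine after a full init, NULL dereference after an early failure. */
void close_cache_unguarded(cache_t *c) {
    c->shared->refs--;          /* c->shared may still be NULL here */
    free(c->mem);
    c->mem = NULL;
    c->shared = NULL;
}

/* Guarded cleanup: safe to call from any point on the error path. */
int close_cache(cache_t *c) {
    int touched = 0;
    if (c->shared != NULL) {    /* only touch the header once it exists */
        c->shared->refs--;
        touched = 1;
    }
    free(c->mem);               /* free(NULL) is a no-op */
    c->mem = NULL;
    c->shared = NULL;
    return touched;
}

/* fail_early simulates a name-formatting allocation failing before mem exists. */
int init_cache(cache_t *c, int fail_early) {
    char *name;
    c->mem = NULL;
    c->shared = NULL;
    name = fail_early ? NULL : malloc(16);
    if (name == NULL)
        goto loser;             /* reached with c->shared == NULL */
    free(name);
    c->mem = calloc(1, sizeof(shared_hdr));
    if (c->mem == NULL)
        goto loser;
    c->shared = (shared_hdr *)c->mem;
    c->shared->refs = 1;
    return 0;
loser:
    close_cache(c);             /* the unguarded variant would crash here */
    return -1;
}
```
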
Coverity CID 203
Whiteboard: [CID 203]
Retargeting all P2s to 3.11.3.
Target Milestone: 3.11.2 → 3.11.3
Attached patch fix
Attachment #226831 - Flags: review?(nelson)
Comment on attachment 226831 [details] [diff] [review]
fix

r=nelson
Attachment #226831 - Flags: review?(nelson) → review+
tip:
new revision: 1.38; previous revision: 1.37

3.11 branch:
new revision: 1.36.2.2; previous revision: 1.36.2.1
Assignee: alexei.volkov.bugs → nobody
Assignee: nobody → alexei.volkov.bugs
Status: NEW → RESOLVED
Closed: 19 years ago → 18 years ago
Resolution: --- → FIXED
Crash Signature: [@ CloseCache - InitCache]