Closed Bug 337013 Opened 18 years ago Closed 18 years ago

OOM crash [@ nssArena_Destroy - nssTrustDomain_TraverseCertificatesBySubject][@ nssArena_Destroy - nssTrustDomain_TraverseCertificatesByNickname] Dereferencing possibly NULL "tmpArena"

Categories

(NSS :: Libraries, defect, P2)

3.11
All
Linux
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.11.3

People

(Reporter: timeless, Assigned: alvolkov.bgs)

References

()

Details

(Keywords: coverity, crash, Whiteboard: [CID 308 309])

Crash Data

Attachments

(1 file)

Event returned_null: Function "NSSArena_Create" returned NULL value (checked 12 out of 14 times) [model]
Hardware: PC → All
Target Milestone: --- → 3.11.2
Priority: -- → P2
Assignee: nobody → alexei.volkov.bugs
Looks like these functions are obsolete, or at least lxr does not show that anybody uses them and they are not a part of public interface.

Also, functions create NSSCertificate ref leak, if callback function does not
call DestroyCertificate for every cert it is called with.
Any functions with long prefix names, such as nssArena_  or nssTrustDomain_
are NEW code that was written as part of project Stan, which has not yet 
been put into use.  That is, the new functions were written to be used,
but no other code yet calls them.  

Perhaps we should make all this code be #ifdef STAN.
I don't want to delete it, because it will be forgotten and not ever used.
But we shouldn't be wasting time fixing bugs in dead code.
i don't mind the ifdef route, but if you go that way, please be sure to include a visible comment indicating that the code is known to have leaks and crashes which should be addressed before it's recomissioned :).
ok, #ifdef STAN_CODE_WITH_OOM_CRASHES    :)
CID 309, possibly others too.
Whiteboard: [CID 308 309]
Retargetting all P2s to 3.11.3 .
Target Milestone: 3.11.2 → 3.11.3
Lowing priority. The code is not used yet.
Severity: critical → normal
Prefer to fix the function instead of ifdef-ing them.

Even though arena argument is optional for NSSTrustDomain_FindCertificatesBySubject and NSSTrustDomain_FindCertificatesByName, looks like it was meant have successful arena allocation before proceeding to next call.
Attachment #235130 - Flags: review?(nelson)
Comment on attachment 235130 [details] [diff] [review]
check arena value after creation

r=nelson
Attachment #235130 - Flags: review?(nelson) → review+
Comment on attachment 235130 [details] [diff] [review]
check arena value after creation

supper review for 3.11 branch
Attachment #235130 - Flags: superreview?(julien.pierre.bugs)
Attachment #235130 - Flags: superreview?(julien.pierre.bugs) → superreview+
3.12:
/cvsroot/mozilla/security/nss/lib/pki/pki3hack.c,v  <--  pki3hack.c
new revision: 1.90; previous revision: 1.89

3.11 branch:
/cvsroot/mozilla/security/nss/lib/pki/pki3hack.c,v  <--  pki3hack.c
new revision: 1.86.28.4; previous revision: 1.86.28.3
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Crash Signature: [@ nssArena_Destroy - nssTrustDomain_TraverseCertificatesBySubject] [@ nssArena_Destroy - nssTrustDomain_TraverseCertificatesByNickname]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: