Closed Bug 353908 Opened 18 years ago Closed 18 years ago

klocwork OOM crash in tdcache.c

Categories

(NSS :: Libraries, defect, P2)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nelson, Assigned: alvolkov.bgs)

Details

(Keywords: klocwork)

Attachments

(1 file)

partial fix
1019 bytes, patch
nelson
: review+
Details | Diff | Splinter Review 
ID:       90055
Function: collect_subject_certs
Location: nss/lib/pki/tdcache.c : 901

Pointer 'iter' returned from call to function 'nssList_CreateIterator' at 
line 900 may be NULL and will be dereferenced by passing argument 1 to 
function 'nssListIterator_Start' at line 901.

900		nssListIterator *iter = nssList_CreateIterator(subjectList); 
901		for (c  = (NSSCertificate *)nssListIterator_Start(iter);
Priority: -- → P2
Target Milestone: --- → 3.12
Attached patch partial fixSplinter Review 
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED

        Attachment #241226 -
        Flags: review?(nelson)

    
    

    
  
Comment on attachment 241226 [details] [diff] [review]
partial fix

This patch is correct with respect to preventing the crash.
It makes the "if (rvCertListOpt)" code be as correct as the "else" code.

But it appears to me that there is a reference leak (actually, a bunch 
of them) in both of those two paths.  Notice the call to 
nssCertificateList_AddReferences.  It adds a reference to every cert 
in the "subjectList".  If we fail to creat the iterator, those new
references must be released, or else those references will be leaked.

We can either 
(a) commit this patch and file a separate bug about that leak or 
(b) try to fix that leak for this bug in a new patch.
Alexei, I'll let you decide.

        Attachment #241226 -
        Attachment description: fix → partial fix

        Attachment #241226 -
        Flags: review?(nelson) → review+

    
    

    
  
/cvsroot/mozilla/security/nss/lib/pki/tdcache.c,v  <--  tdcache.c
new revision: 1.45; previous revision: 1.44

Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: