Bug 353908 - klocwork OOM crash in tdcache.c
: klocwork
Product: NSS
Classification: Components
Component: Libraries
: trunk
: All All
P2 normal
: 3.12
Assigned To: Alexei Volkov
Reported: 2006-09-22 18:16 PDT by Nelson Bolyard (seldom reads bugmail)
Modified: 2006-10-09 15:29 PDT

partial fix (1019 bytes, patch)
2006-10-04 14:23 PDT, Alexei Volkov
nelson: review+

Description Nelson Bolyard (seldom reads bugmail) 2006-09-22 18:16:46 PDT
ID:       90055
Function: collect_subject_certs
Location: nss/lib/pki/tdcache.c : 901

Pointer 'iter' returned from call to function 'nssList_CreateIterator' at 
line 900 may be NULL and will be dereferenced by passing argument 1 to 
function 'nssListIterator_Start' at line 901.

900		nssListIterator *iter = nssList_CreateIterator(subjectList); 
901		for (c  = (NSSCertificate *)nssListIterator_Start(iter);
Comment 1 Alexei Volkov 2006-10-04 14:23:25 PDT
Created attachment 241226
partial fix
Comment 2 Nelson Bolyard (seldom reads bugmail) 2006-10-04 14:56:29 PDT
Comment on attachment 241226
partial fix

This patch is correct with respect to preventing the crash.
It makes the "if (rvCertListOpt)" code be as correct as the "else" code.

But it appears to me that there is a reference leak (actually, a bunch 
of them) in both of those two paths.  Notice the call to 
nssCertificateList_AddReferences.  It adds a reference to every cert 
in the "subjectList".  If we fail to create the iterator, those new
references must be released, or else those references will be leaked.

We can either 
(a) commit this patch and file a separate bug about that leak or 
(b) try to fix that leak for this bug in a new patch.
Alexei, I'll let you decide.
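
The failure path discussed in comment 2, as an added example that is not part of this bug report, the attached patch, or the NSS source. Stand-in types model a refcounted cert list, and every name in it (`collect_certs`, `list_adjust_refs`, `simulate_oom`, and the rest) is hypothetical. It pairs the NULL check that prevents the crash with the release of the references taken before the iterator allocation failed.

```c
#include <stdlib.h>

/* Stand-in types constructed for this example; not the NSS definitions. */
typedef struct { int refs; } Cert;
typedef struct { Cert **items; size_t count; } CertList;
typedef struct { const CertList *list; size_t pos; } ListIter;
static int simulate_oom;  /* test hook: make iterator allocation fail */

static ListIter *list_create_iterator(const CertList *l) {
    ListIter *it = simulate_oom ? NULL : malloc(sizeof *it);
    if (it) { it->list = l; it->pos = 0; }
    return it;
}
static Cert *iter_next(ListIter *it) {
    return it->pos < it->list->count ? it->list->items[it->pos++] : NULL;
}
static void list_adjust_refs(CertList *l, int delta) {
    for (size_t i = 0; i < l->count; i++) l->items[i]->refs += delta;
}

/* Hands one new reference per cert to out[]; returns the count, or -1 on
 * failure, in which case every reference taken here has been released. */
int collect_certs(CertList *subject, Cert **out, size_t cap) {
    size_t n = 0;
    Cert *c;
    list_adjust_refs(subject, +1);        /* one new reference per cert */
    ListIter *iter = list_create_iterator(subject);
    if (iter == NULL) {                   /* NULL check: prevents the crash */
        list_adjust_refs(subject, -1);    /* release: prevents the leak */
        return -1;
    }
    while ((c = iter_next(iter)) != NULL) {
        if (n < cap) out[n++] = c;        /* caller now owns this reference */
        else c->refs--;                   /* no room: drop the extra one */
    }
    free(iter);
    return (int)n;
}

/* Builds a constructed 3-cert list (refs = 1 each), runs collect_certs with
 * or without the simulated OOM, and returns the total reference count. */
int total_refs_after_collect(int oom) {
    Cert a = {1}, b = {1}, c = {1};
    Cert *items[] = {&a, &b, &c}, *out[3];
    CertList list = {items, 3};
    simulate_oom = oom;
    collect_certs(&list, out, 3);
    return a.refs + b.refs + c.refs;
}
int main(void) { return total_refs_after_collect(1) == 3 ? 0 : 1; }
```

Removing the `list_adjust_refs(subject, -1)` line leaves the simulated-OOM total at 6 instead of 3, which is the leak described in comment 2.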
Comment 3 Alexei Volkov 2006-10-09 15:29:25 PDT
/cvsroot/mozilla/security/nss/lib/pki/tdcache.c,v  <--  tdcache.c
new revision: 1.45; previous revision: 1.44
