Closed Bug 401057 Opened 17 years ago Closed 17 years ago

crmftest crashes in crmf_copy_bitstring

Categories

(NSS :: Libraries, defect, P2)

All
Windows Server 2003
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.11.8

People

(Reporter: julien.pierre, Assigned: julien.pierre)

Details

Attachments

(2 files)

I ran into this bug while running 32 bit NSS bits on a win64 system.
The code tries to copy 8 times too much data. It crashes on the 64-bit system because it reads past the end of the source buffer. I'm not sure why it doesn't crash the same way on other platforms. Patch forthcoming.
Priority: -- → P2
Target Milestone: --- → 3.12
Attachment #286113 - Flags: review?(nelson)
Julien, what do you think of this alternative?
Attachment #286117 - Flags: review?(julien.pierre.boogz)
Comment on attachment 286117 [details] [diff] [review]
alternative patch, cleaner (?)

That works OK too.
Attachment #286117 - Flags: review?(julien.pierre.boogz) → review+
Attachment #286113 - Flags: review?(nelson)
Checking in crmfreq.c; new revision: 1.8; previous revision: 1.7
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
I would like to reopen this bug to fix it on the NSS_3_11_BRANCH also. This will allow us to run the QA on Win64 systems.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attachment #286117 - Flags: superreview?(alexei.volkov.bugs)
Target Milestone: 3.12 → 3.11.9
Comment on attachment 286117 [details] [diff] [review]
alternative patch, cleaner (?)

r=alexei
Attachment #286117 - Flags: superreview?(alexei.volkov.bugs) → superreview+
Thanks, Alexei. I checked this patch in to NSS_3_11_BRANCH .

Checking in crmfreq.c;
/cvsroot/mozilla/security/nss/lib/crmf/crmfreq.c,v  <--  crmfreq.c
new revision: 1.4.28.3; previous revision: 1.4.28.2
done
Status: REOPENED → RESOLVED
Closed: 17 years ago17 years ago
Resolution: --- → FIXED
Target Milestone: 3.11.9 → 3.11.8
You need to log in before you can comment on or make changes to this bug.