crash in PR_Socket with IPv6 emulation on VMS and WinNT

RESOLVED FIXED in 4.6.8

Status

defect
P1
blocker
RESOLVED FIXED
12 years ago
12 years ago

People

(Reporter: nelson, Assigned: nelson)

Tracking

4.6.8
4.6.8
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

Posted patch patch v1Splinter Review
Found in first candidate build of NSPR 4.6.8.
In Out-Of-Memory conditions, the call to function _pr_push_ipv6toipv4_layer
in PR_Socket can return PR_FAILURE, leading to a crash in the new code 
that sets pr->secret->af, which was part of the fix to bug 387954.

The proposed patch to correct this is attached.

This will necessitate a respin of the NSPR 4.6.8 release candidate. 
I think the new spin should be designated NSPR 4.6.8.1.  (You will recall 
we designated this additional level of version number to signify release 
candidates, or did we do that only for NSS?)

Since an RTM tag has not yet been made, we don't have that difficulty to 
deal with.  (But we could move it if it had been made.)
Attachment #287516 - Flags: review?(wtc)
Note: this affects no Mozilla client products.
Attachment #287516 - Flags: superreview?(julien.pierre.boogz)
The cause of the failure may not be memory allocation failure. :-/

See bug 402669
Priority: -- → P1
Summary: OOM crash in PR_Socket in WinNT version → crash in PR_Socket in WinNT version

Comment 3

12 years ago
Comment on attachment 287516 [details] [diff] [review]
patch v1

r=wtc.

Please avoid the 4.6.8.1 version number if you can.
Attachment #287516 - Flags: review?(wtc) → review+

Comment 4

12 years ago
Comment on attachment 287516 [details] [diff] [review]
patch v1

The reason for the crash was not that fd was NULL, but that fd->secret was NULL.

After _pr_push_ipv6toipv4_layer succeeds, fd->secret points to the secret part of the conversion layer, instead of the one from the PR socket layer. That just happens to be NULL.
Attachment #287516 - Flags: superreview?(julien.pierre.boogz) → superreview+

Updated

12 years ago
Summary: crash in PR_Socket in WinNT version → crash in PR_Socket with IPv6 emulation on VMS and WinNT

Updated

12 years ago
OS: Windows XP → All
Hardware: PC → All

Comment 5

12 years ago
I checked in the patch on behalf of Nelson.

Checking in prsocket.c;
/cvsroot/mozilla/nsprpub/pr/src/io/prsocket.c,v  <--  prsocket.c
new revision: 3.60; previous revision: 3.59
done
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED

Comment 6

12 years ago
This bug fix is targeted for 4.6.8 (NSPR_4_6_BRANCH). The commit has been done only on the trunk.

version of prsocket.c on NSPR_4_6_BRANCH:
===================================================================
File: prsocket.c        Status: Up-to-date

   Working revision:    3.57.2.1
   Repository revision: 3.57.2.1        /cvsroot/mozilla/nsprpub/pr/src/io/prsocket.c,v
   Sticky Tag:          NSPR_4_6_BRANCH (branch: 3.57.2)
   Sticky Date:         (none)
   Sticky Options:      (none)


Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Comment 7

12 years ago
Sriram and I have tested the latest build from the trunk (20071107) and the server does not crash anymore.

Comment 8

12 years ago
Christophe,

Sorry about that. I checked in the fix to the branch.

Checking in pr/src/io/prsocket.c;
/cvsroot/mozilla/nsprpub/pr/src/io/prsocket.c,v  <--  prsocket.c
new revision: 3.57.2.2; previous revision: 3.57.2.1
done
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.