Found in first candidate build of NSPR 4.6.8. In Out-Of-Memory conditions, the call to function _pr_push_ipv6toipv4_layer in PR_Socket can return PR_FAILURE, leading to a crash in the new code that sets pr->secret->af, which was part of the fix to bug 387954. The proposed patch to correct this is attached. This will necessitate a respin of the NSPR 4.6.8 release candidate. I think the new spin should be designated NSPR 220.127.116.11. (You will recall we designated this additional level of version number to signify release candidates, or did we do that only for NSS?) Since an RTM tag has not yet been made, we don't have that difficulty to deal with. (But we could move it if it had been made.)
Attachment #287516 - Flags: review?(wtc)
Note: this affects no Mozilla client products.
Attachment #287516 - Flags: superreview?(julien.pierre.boogz)
The cause of the failure may not be memory allocation failure. :-/ See bug 402669
Priority: -- → P1
Summary: OOM crash in PR_Socket in WinNT version → crash in PR_Socket in WinNT version
Comment on attachment 287516 [details] [diff] [review] patch v1 r=wtc. Please avoid the 18.104.22.168 version number if you can.
Attachment #287516 - Flags: review?(wtc) → review+
Comment on attachment 287516 [details] [diff] [review] patch v1 The reason for the crash was not that fd was NULL, but that fd->secret was NULL. After _pr_push_ipv6toipv4_layer succeeds, fd->secret points to the secret part of the conversion layer, instead of the one from the PR socket layer. That just happens to be NULL.
Attachment #287516 - Flags: superreview?(julien.pierre.boogz) → superreview+
Summary: crash in PR_Socket in WinNT version → crash in PR_Socket with IPv6 emulation on VMS and WinNT
I checked in the patch on behalf of Nelson. Checking in prsocket.c; /cvsroot/mozilla/nsprpub/pr/src/io/prsocket.c,v <-- prsocket.c new revision: 3.60; previous revision: 3.59 done
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
This bug fix is targeted for 4.6.8 (NSPR_4_6_BRANCH). The commit has been done only on the trunk. version of prsocket.c on NSPR_4_6_BRANCH: =================================================================== File: prsocket.c Status: Up-to-date Working revision: 22.214.171.124 Repository revision: 126.96.36.199 /cvsroot/mozilla/nsprpub/pr/src/io/prsocket.c,v Sticky Tag: NSPR_4_6_BRANCH (branch: 3.57.2) Sticky Date: (none) Sticky Options: (none)
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Sriram and I have tested the latest build from the trunk (20071107) and the server does not crash anymore.
Christophe, Sorry about that. I checked in the fix to the branch. Checking in pr/src/io/prsocket.c; /cvsroot/mozilla/nsprpub/pr/src/io/prsocket.c,v <-- prsocket.c new revision: 188.8.131.52; previous revision: 184.108.40.206 done
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.