Last Comment Bug 427706 - NSS_3_12_RC1 crashes in passwordmgr tests
: NSS_3_12_RC1 crashes in passwordmgr tests
: regression
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: trunk
: All All
: P1 normal (vote)
: 3.12
Assigned To: Robert Relyea
Depends on: 423093
Blocks: NSS312regressions 426681
  Show dependency treegraph
Reported: 2008-04-07 22:41 PDT by Kai Engert (:kaie)
Modified: 2008-05-29 14:48 PDT (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---

stack (4.54 KB, text/plain)
2008-04-07 22:50 PDT, Kai Engert (:kaie)
no flags Details
NSS test case to reporduce the problem (1.34 KB, patch)
2008-04-08 10:58 PDT, Robert Relyea
no flags Details | Diff | Splinter Review
patch to resolve the issue (1.18 KB, patch)
2008-04-08 11:02 PDT, Robert Relyea
kaie: review+
Details | Diff | Splinter Review
Fix the test case. (1.52 KB, patch)
2008-04-21 15:17 PDT, Robert Relyea
slavomir.katuscak+mozilla: review-
Details | Diff | Splinter Review
Test case + some cleanup. (2.91 KB, patch)
2008-04-22 05:25 PDT, Slavomir Katuscak
rrelyea: review+
Details | Diff | Splinter Review

Description Kai Engert (:kaie) 2008-04-07 22:41:55 PDT
NSS_3_12_RC1 crashes when executing Mozilla's passwordmgr unit tests.
Comment 1 Kai Engert (:kaie) 2008-04-07 22:49:17 PDT
The failing script:

*** glibc detected *** ../../../../dist/bin/xpcshell: free(): invalid pointer: 0x0aa43b24 ***
Comment 2 Kai Engert (:kaie) 2008-04-07 22:50:03 PDT
Created attachment 314271 [details]
Comment 3 Kai Engert (:kaie) 2008-04-07 22:52:22 PDT
#9  0x00eff99b in PK11SDR_Decrypt (data=0xbf919ec8, result=0xbf919ebc, cx=0xaa43b38) at pk11sdr.c:387
387                         SECITEM_ZfreeItem(&, PR_FALSE);
(gdb) l
382                     if ( {
383                         /* this is unlikely but possible. If we hit this condition,
384                          * we have no way of knowing which possibility to prefer.
385                          * in this case we just match the key the application
386                          * thought was the right one */
387                         SECITEM_ZfreeItem(&, PR_FALSE);
388                     } else {
389                         possibleResult =;
390                     }
391                 }
(gdb) print sdrResult
$1 = {keyid = {type = siBuffer, data = 0xaa43afc "�", len = 16}, alg = {algorithm = {type = siBuffer,
      data = 0xaa43b10 "*\206H\206�\r\003\a\004\b��\212]�\035��\004\b", len = 8}, parameters = {type = siBuffer,
      data = 0xaa43b18 "\004\b��\212]�\035��\004\b", len = 10}}, data = {type = siBuffer, data = 0xaa43b24 "", len = 8}}
Comment 4 Kai Engert (:kaie) 2008-04-07 22:57:59 PDT
This crash has been introduced by bug 423093.

I tested reverting file pk11sdr.c to revision 1.19, and it fixes the crash.
Comment 5 Robert Relyea 2008-04-08 09:26:58 PDT
Let's go with 1.19  In the NSS RC1 tag.

Comment 6 Christophe Ravel 2008-04-08 10:45:12 PDT
The tag NSS_3_12_RC1 was already created. We should not change it.
I'd suggest that we tag the tree as NSS_3_12_RC2 (with pk11sdr.c reverted to what it was in rev 1.19).

We also need to reopen bug 423093.
Comment 7 Robert Relyea 2008-04-08 10:58:30 PDT
Created attachment 314371 [details] [diff] [review]
NSS test case to reporduce the problem
Comment 8 Robert Relyea 2008-04-08 11:02:25 PDT
Created attachment 314372 [details] [diff] [review]
patch to resolve the issue
Comment 9 Robert Relyea 2008-04-08 11:04:14 PDT
I think the  best way to resolve the mozilla issue is to include 3.19 in NSS.

call int RC2.
We can add this batch to what will become NSS 3.12.1

Comment 10 Robert Relyea 2008-04-08 11:50:53 PDT
ok, I've created a new NSS_3_12_RC2 tag, christophe,can you verify that it's correct. I've reverted pk11sdr.c to revision 1.19 by checking the reverted code in (1.21). I also bumped the build number in nss.h

Comment 11 Christophe Ravel 2008-04-08 13:40:18 PDT
To be more consistent, you could also have changed the version in softkver.h to the same version as in nss.h. But now that the tag is done, it is not worth changing. RC2 is not a true release candidate since we still have to fix bug 423093. We'll have to take care of the softoken version for the next RC.
Comment 12 Kai Engert (:kaie) 2008-04-08 17:04:25 PDT
I applied Bob's patches and ran a local build and the test suite.
I got 4 SDR failures.
I've sent email to Bob with more details.
Comment 13 Kai Engert (:kaie) 2008-04-21 11:47:40 PDT
The following test always fails on my system: Decrypt - Value 2
sdrtest -d . -i /home/kaie/moz/nss/head/mozilla/tests_results/security/localhost.19/tests.v2.24047 -t The quick brown fox jumped over the lazy dog #5: Decrypt - Value 2  - FAILED

In the previous comment I had reported 4 failures. I think this is because runs all tests 4 times.
Comment 14 Robert Relyea 2008-04-21 15:17:14 PDT
Created attachment 316893 [details] [diff] [review]
Fix the test case.
Comment 15 Robert Relyea 2008-04-21 16:53:24 PDT
Kai, could you run the tests again with the new testcase.
Also, be sure to apply the patch to version 1.20, not 1.21 (which has the whole set of code backed out).

Comment 16 Slavomir Katuscak 2008-04-22 05:15:23 PDT
Comment on attachment 316893 [details] [diff] [review]
Fix the test case.

Latest test will not work, using -o instead of -i. Also I see some mess in naming of variables and output messages, I prepared new patch for this.
Comment 17 Slavomir Katuscak 2008-04-22 05:25:50 PDT
Created attachment 316994 [details] [diff] [review]
Test case + some cleanup.

Patch based on Bob's patch. 

1. Fixed -o -> -i.
2. Using unused T1 string and changed SMALLPAD to T3 to have the same naming for similar tests (if there is a reason for naming SMALLPAD, feel free to add comment to my patch). 
3. Changed HTML messages to unique format (3 similar tests had 3 completely different messages) and fixed confusing " ' in echo messages to match following command.
Comment 18 Kai Engert (:kaie) 2008-04-22 07:25:15 PDT
Comment on attachment 314372 [details] [diff] [review]
patch to resolve the issue

When I combine this patch with cvs version 1.20 and test it with attachment 316994 [details] [diff] [review], then it works.

Comment 19 Robert Relyea 2008-04-22 08:56:38 PDT
Comment on attachment 316994 [details] [diff] [review]
Test case + some cleanup.

Good catch slavo...

please fix the -o in the echo statement for VALUE3 to be -i before you check in.

Comment 20 Slavomir Katuscak 2008-04-22 09:39:20 PDT
Checking in;
/cvsroot/mozilla/security/nss/tests/sdr/,v  <--
new revision: 1.8; previous revision: 1.7
Comment 21 Nelson Bolyard (seldom reads bugmail) 2008-05-29 14:22:20 PDT
IS this bug fixed?
Did the fix get into 3.12.0 RC4?  
Or will it first appear in 3.12.1 ?
If the latter, please update the target fix milestone for this bug.
Comment 22 Kai Engert (:kaie) 2008-05-29 14:37:16 PDT
Nelson, we did what was said in comment 4, 5 and 6.
The RC 2 tag was created with the regression culprit backed out.
The crash was fixed.

In order to fix the bad patch (from bug 423093), in preparation for landing it again, a patch attached to this bug has been proposed, it's attachment 314372 [details] [diff] [review].

But apparently the original patch + incremental patch have not yet been checked in to trunk.

I think, for clarity, the incremental patch (attachment 314372 [details] [diff] [review]) should get moved over to bug 423093, and this bug (the crasher) should get closed.
Comment 23 Robert Relyea 2008-05-29 14:46:16 PDT
checked into 3.12.1
Checking in pk11sdr.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11sdr.c,v  <--  pk11sdr.c
new revision: 1.22; previous revision: 1.21
Comment 24 Nelson Bolyard (seldom reads bugmail) 2008-05-29 14:48:25 PDT
I agree with Kai,
This bug (the crash) was fixed in 3.12.0.
As a result of the above checkin, Bug 423093 should be marked fixed
in 3.12.1.

Note You need to log in before you can comment on or make changes to this bug.