Closed Bug 472291 Opened 15 years ago Closed 15 years ago

crash in libpkix object leak tests due to null pointer dereferencing in pkix_build.c:3218.

Categories

(NSS :: Libraries, defect, P1)

Tracking

(Not tracked)

RESOLVED FIXED
3.12.3

People

(Reporter: slavomir.katuscak+mozilla, Assigned: alvolkov.bgs)

Details

(Whiteboard: PKIX)

Attachments

(1 file)

Occurred on Tinderbox machine communist when running PKIX tests; this machine uses special environment variables NSS_ENABLE_PKIX_VERIFY=1 and PKIX_OBJECT_LEAK_TEST=1. This failure occurs there in many vfychain tests on this machine.

From DBX log:
---
Running: vfychain -d AllDB -pp -vv UserBridge.der -t Army
(process id 8976)
RTC: Enabling Error Checking...
RTC: Running program...
t@1 (l@1) signal SEGV (no mapping at the fault address) in pkix_BuildForwardDepthFirstSearch at line 3218 in file "pkix_build.c"
 3218               while (state->parentState) {
---
It is a regression introduced by the fix for bug 470070.

Should get rid of

3230 PKIX_DECREF(prntState);

since the counter on the object was already decremented by the pkix_ForwardBuilderState_Destroy function.
Status: NEW → ASSIGNED
Priority: -- → P1
Comment on attachment 355638 [details] [diff] [review]
Remove PKIX_DECREF on prntState object(pkix_build.c:3230)


>-                PKIX_DECREF(prntState);
>+                /* No need to decref the parent state. It was already done by
>+                 * pkix_ForwardBuilderState_Destroy function. */
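
Review bot: the comment that replaces PKIX_DECREF(prntState) says the decref "was already done by pkix_ForwardBuilderState_Destroy" but does not say which release triggers that destroy or which object owns the reference to the parent state. Suggest naming the owner in the comment (for example, that releasing the child state is what drops its reference to the parent, if that is the case), so the invariant can be checked and the decref is not reintroduced later. Only the changed lines are visible in this hunk, so any use of prntState after this point cannot be checked from it.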

Where (in what code) and when did pkix_ForwardBuilderState_Destroy get called?
What was the call stack for that call?
Attachment #355638 - Flags: review? → review?(nelson)
pkix_ForwardBuilderState_Destroy is called by the PKIX_PL_Object_DecRef call before the object's memory is freed.
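
The ownership rule described in the comments above (a state's destroy function, run by the decref that drops the count to zero, already releases the parent), shown as an added example that is not NSS code. The `State` type, the function names and the reference counts in the constructed chain are assumptions made for illustration, not taken from pkix_build.c.

```c
#include <stdio.h>

/* Toy ref-counted state; a model of the ownership rule, not libpkix code. */
typedef struct State {
    int refs;              /* reference count */
    int live;              /* 1 until the destructor has run */
    struct State *parent;  /* reference owned by this state */
} State;

typedef struct { int stale_uses; int still_live; } Result;

static int stale_uses;     /* accesses to a state whose destructor already ran */
static void state_decref(State *s);

/* Destructor: runs when the count hits zero and drops the parent reference. */
static void state_destroy(State *s) {
    s->live = 0;
    if (s->parent) state_decref(s->parent);
}

static void state_decref(State *s) {
    if (!s->live) { stale_uses++; return; }  /* real code would touch freed memory */
    if (--s->refs == 0) state_destroy(s);
}

/* Release a root <- mid <- leaf chain from the leaf upward.
 * extra_decref = 1 models the caller releasing the parent a second time. */
static Result release_chain(int extra_decref) {
    /* Constructed chain (assumption): one creator reference each, plus one per child. */
    State root = {2, 1, NULL}, mid = {2, 1, &root}, leaf = {1, 1, &mid};
    State *s = &leaf;
    stale_uses = 0;
    while (s->live && s->parent) {
        State *p = s->parent;
        state_decref(s);                   /* destructor releases p once */
        if (extra_decref) state_decref(p); /* second release of the same reference */
        s = p;
    }
    if (!s->live) stale_uses++;            /* walker is left holding a destroyed state */
    else state_decref(s);
    Result r = { stale_uses, root.live + mid.live + leaf.live };
    return r;
}

int main(void) {
    Result ok = release_chain(0), bad = release_chain(1);
    printf("single release: stale=%d live=%d\n", ok.stale_uses, ok.still_live);
    printf("extra release:  stale=%d live=%d\n", bad.stale_uses, bad.still_live);
    return 0;
}
```

With the extra release the walk ends up holding a state that was already destroyed and the root is never released, which is the kind of imbalance an object leak test run is meant to surface.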
Comment on attachment 355638 [details] [diff] [review]
Remove PKIX_DECREF on prntState object(pkix_build.c:3230)

r=nelson
Attachment #355638 - Flags: review?(nelson) → review+
Summary: Vfychain tests sometimes failed when debugging options are enabled. → crash in libpkix object leak tests due to null pointer dereferencing in pkix_build.c:3218.
Did this patch get landed or is it ready to land now?
The patch was landed in Jan. Closing the bug...
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: PKIX
OS: Solaris → All
Hardware: Sun → All