Closed Bug 492170 Opened 11 years ago Closed 11 years ago

Crash or data corruption in NSPR's TransmitFile and SendFile on HPUX

Categories

(NSPR :: NSPR, defect)

HP
HP-UX
defect
Not set
major

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: nelson, Assigned: wtc)

Details

(Whiteboard: [4.7.5])

Attachments

(1 file)

While working on bug 439144, by code inspection, Wan-Teh found a nasty bug
in a routine common to NSPR sendfile and transmit file on HPUX only.  
This may well have been causing crashes or data corruption in sent files.
The patch he wrote for it is:

>@@ -1012,17 +1012,17 @@ static PRBool pt_hpux_sendfile_cont(pt_C

>-            hdtrl[0].iov_base = ((char *) hdtrl[0].iov_len) + count;
>+            hdtrl[0].iov_base = ((char *) hdtrl[0].iov_base) + count;
>             hdtrl[0].iov_len -= count;
This bug was introduced in NSPR 3.5 in 1999, and has been present in all
version of NSPR for HPUX produced since then.
Version: 4.6 → 3.5
Attached patch Proposed patchSplinter Review
I guess it's extremely rare for a non-blocking sendfile call to
be unable to send the entire header before blocking, which is why
we haven't seen reports of this crash.
Attachment #376582 - Flags: review?(nelson)
Comment on attachment 376582 [details] [diff] [review]
Proposed patch

r=nelson
Attachment #376582 - Flags: review?(nelson) → review+
I checked in the patch on the NSPR trunk (NSPR 4.8).

Checking in ptio.c;
/cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c,v  <--  ptio.c
new revision: 3.113; previous revision: 3.112
done
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [consider for 4.7.5]
Target Milestone: --- → 4.8
I backported the patch (attachment 376582 [details] [diff] [review]) to the NSPR_4_7_BRANCH
for NSPR 4.7.5.

Checking in ptio.c;
/cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c,v  <--  ptio.c
new revision: 3.110.4.1; previous revision: 3.110
done
Whiteboard: [consider for 4.7.5] → [4.7.5]
You need to log in before you can comment on or make changes to this bug.