Crash or data corruption in NSPR's TransmitFile and SendFile on HPUX

RESOLVED FIXED in 4.8

Status

defect
--
major
RESOLVED FIXED
10 years ago
10 years ago

People

(Reporter: nelson, Assigned: wtc)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [4.7.5])

Attachments

(1 attachment)

While working on bug 439144, by code inspection, Wan-Teh found a nasty bug
in a routine common to NSPR sendfile and transmit file on HPUX only.  
This may well have been causing crashes or data corruption in sent files.
The patch he wrote for it is:

>@@ -1012,17 +1012,17 @@ static PRBool pt_hpux_sendfile_cont(pt_C

>-            hdtrl[0].iov_base = ((char *) hdtrl[0].iov_len) + count;
>+            hdtrl[0].iov_base = ((char *) hdtrl[0].iov_base) + count;
>             hdtrl[0].iov_len -= count;
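
Review bot: on the unchanged `hdtrl[0].iov_len -= count;` line, nothing in the quoted context shows that `count` is bounded by `hdtrl[0].iov_len`. `iov_len` is an unsigned `size_t`, so a larger `count` would wrap the length and leave the advanced `iov_base` pointing past the header buffer. Please confirm that the enclosing branch is only reached when `count < hdtrl[0].iov_len`, or add an assertion to that effect next to the pointer adjustment. The corrected `+` line itself now derives the new base from `iov_base`, which matches the length adjustment that follows it.
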
This bug was introduced in NSPR 3.5 in 1999, and has been present in all
versions of NSPR for HPUX produced since then.
Version: 4.6 → 3.5
Assignee

Comment 2

10 years ago
I guess it's extremely rare for a non-blocking sendfile call to
be unable to send the entire header before blocking, which is why
we haven't seen reports of this crash.
Attachment #376582 - Flags: review?(nelson)
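
The partial-send case discussed above, as an added example that is not part of the bug thread and is not NSPR code: a hypothetical helper `iov_consume` that advances an iovec array after `count` bytes were sent, generalized from the single `hdtrl[0]` entry in the patch to a whole array. The buffers are constructed sample data, and the file body that a real sendfile call places between header and trailer is left out.

```c
#include <stddef.h>
#include <string.h>
#include <sys/uio.h>

/* Hypothetical helper (not NSPR code): after a partial send of `count`
 * bytes, advance the iovec array so it describes only the unsent data.
 * Returns the number of bytes still to send. */
static size_t iov_consume(struct iovec *iov, int iovcnt, size_t count)
{
    size_t remaining = 0;
    for (int i = 0; i < iovcnt; i++) {
        if (count >= iov[i].iov_len) {
            /* Entry fully sent: keep the pointer in bounds, zero the length. */
            count -= iov[i].iov_len;
            iov[i].iov_base = (char *)iov[i].iov_base + iov[i].iov_len;
            iov[i].iov_len = 0;
        } else {
            /* Partially sent: the new base derives from the OLD BASE,
             * never from iov_len (the defect fixed in this bug). */
            iov[i].iov_base = (char *)iov[i].iov_base + count;
            iov[i].iov_len -= count;
            count = 0;
        }
        remaining += iov[i].iov_len;
    }
    return remaining;
}

/* Constructed sample data: a 16-byte header and an 8-byte trailer. */
static char header[]  = "HTTP/1.1 200 OK\n";
static char trailer[] = "trailer\n";

/* Simulates two consecutive partial sends of `first` and `second` bytes
 * and returns the number of bytes left unsent afterwards. */
static size_t demo(struct iovec *hdtrl, size_t first, size_t second)
{
    hdtrl[0].iov_base = header;  hdtrl[0].iov_len = strlen(header);
    hdtrl[1].iov_base = trailer; hdtrl[1].iov_len = strlen(trailer);
    iov_consume(hdtrl, 2, first);
    return iov_consume(hdtrl, 2, second);
}
```
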
Comment on attachment 376582 [details] [diff] [review]
Proposed patch

r=nelson
Attachment #376582 - Flags: review?(nelson) → review+
Assignee

Comment 4

10 years ago
I checked in the patch on the NSPR trunk (NSPR 4.8).

Checking in ptio.c;
/cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c,v  <--  ptio.c
new revision: 3.113; previous revision: 3.112
done
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Whiteboard: [consider for 4.7.5]
Target Milestone: --- → 4.8
Assignee

Comment 5

10 years ago
I backported the patch (attachment 376582 [details] [diff] [review]) to the NSPR_4_7_BRANCH
for NSPR 4.7.5.

Checking in ptio.c;
/cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c,v  <--  ptio.c
new revision: 3.110.4.1; previous revision: 3.110
done
Whiteboard: [consider for 4.7.5] → [4.7.5]