492170 - Crash or data corruption in NSPR's TransmitFile and SendFile on HPUX

Status: RESOLVED FIXED

(NSPR :: NSPR, defect)

Description

[Nelson Bolyard (seldom reads bugmail)]

While working on bug 439144, by code inspection, Wan-Teh found a nasty bug
in a routine common to NSPR sendfile and transmit file on HPUX only.  
This may well have been causing crashes or data corruption in sent files.
The patch he wrote for it is:

>@@ -1012,17 +1012,17 @@ static PRBool pt_hpux_sendfile_cont(pt_C

>-            hdtrl[0].iov_base = ((char *) hdtrl[0].iov_len) + count;
>+            hdtrl[0].iov_base = ((char *) hdtrl[0].iov_base) + count;
>             hdtrl[0].iov_len -= count;

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

This bug was introduced in NSPR 3.5 in 1999, and has been present in all
version of NSPR for HPUX produced since then.

Comment 2

[Wan-Teh Chang]

Attachment: Proposed patch

I guess it's extremely rare for a non-blocking sendfile call to
be unable to send the entire header before blocking, which is why
we haven't seen reports of this crash.

Comment 3

[Nelson Bolyard (seldom reads bugmail)]

Comment on attachment 376582 [details] [diff] [review]
Proposed patch

r=nelson

Comment 4

[Wan-Teh Chang]

I checked in the patch on the NSPR trunk (NSPR 4.8).

Checking in ptio.c;
/cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c,v  <--  ptio.c
new revision: 3.113; previous revision: 3.112
done

Comment 5

[Wan-Teh Chang]

I backported the patch (attachment 376582 [details] [diff] [review]) to the NSPR_4_7_BRANCH
for NSPR 4.7.5.

Checking in ptio.c;
/cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c,v  <--  ptio.c
new revision: 3.110.4.1; previous revision: 3.110
done