Closed
Bug 715666
Opened 14 years ago
Closed 13 years ago
premature unloading of softoken crashes libcurl
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.13.2
People
(Reporter: elio.maldonado.batiz, Assigned: elio.maldonado.batiz)
Details
Attachments
(2 files)
1.51 KB,
text/x-csrc
|
Details | |
1019 bytes,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
As reported downstream on RHEL 6.2 by Kamil Dudka:
Kamil Dudka 2012-01-05 14:57:25 EST
Description of problem:
The increment of softokenLoadCount is not in par with its decrement.
Version-Release number of selected component (if applicable):
nss-3.12.10-17.1.el6
How reproducible:
100 %
Steps to Reproduce:
1. run the attached test-case
Actual results:
(gdb) break pk11load.c:600
Breakpoint 1 at 0x3d59c4992c: file pk11load.c, line 600.
(gdb) run
Breakpoint 1, SECMOD_UnloadModule (mod=0x67dae0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
(gdb) display softokenLoadCount
(gdb) continue
Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 3
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x67b9e0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 2
(gdb) print mod->moduleDBFunc
$1 = (void *) 0x330a40ddc0
(gdb) info symbol mod->moduleDBFunc
NSC_ModuleDBFunc in section .text of /usr/lib64/libsoftokn3.so
(gdb) continue
Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 1
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 0
(gdb)
test_instance() succeeded 0/16
Breakpoint 1, SECMOD_UnloadModule (mod=0x6732c0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 3
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x67b9e0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 2
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 1
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 0
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = -1
(gdb)
test_instance() succeeded 1/16
Breakpoint 1, SECMOD_UnloadModule (mod=0x6716b0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 2
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 1
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x63c580) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 0
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = -1
(gdb)
Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = -2
(gdb)
test_instance() succeeded 2/16
Breakpoint 1, SECMOD_UnloadModule (mod=0x6e8de0) at pk11load.c:600
600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
1: softokenLoadCount = 1
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0x000000330a40ddc0 in ?? ()
(gdb) up
#1 0x0000003d59c589be in SECMOD_FreeModuleSpecList (module=0x610ba0,
moduleSpecList=0x60d110) at pk11pars.c:1077
1077 retString = (*func)(SECMOD_MODULE_DB_FUNCTION_RELEASE,
(gdb) print func
$2 = (SECMODModuleDBFunc) 0x330a40ddc0
(gdb) info symbol func
No symbol matches func.
[reply] [-]
Private
Comment 1 Kamil Dudka 2012-01-05 15:02:43 EST
Created attachment 551005 [details] [diff] [review]
a test-case
[reply] [-]
Private
Comment 2 Kamil Dudka 2012-01-05 15:03:28 EST
Created attachment 551006 [details] [diff] [review]
a proposed fix
[reply] [-]
Private
Comment 3 Bob Relyea 2012-01-05 16:36:08 EST
Comment on attachment 551006 [details] [diff] [review]
a proposed fix
r+ rrelyea
good catch Kamil.
elio same drill with upstreaming this patch.
bob
Assignee | ||
Comment 1•14 years ago
|
||
This patch was reviewed downstream by Bob.
Attachment #586220 -
Flags: review?(rrelyea)
Assignee | ||
Updated•14 years ago
|
Assignee: nobody → emaldona
Comment 2•13 years ago
|
||
Comment on attachment 586220 [details] [diff] [review]
Kamil's proposed fix
r+ rrelyea
Attachment #586220 -
Flags: review?(rrelyea) → review+
Assignee | ||
Updated•13 years ago
|
Summary: premature unloading of softoken crashes libcur → premature unloading of softoken crashes libcurl
Assignee | ||
Comment 3•13 years ago
|
||
Checked in to trunk:
cvs commit -m "Bug 715666 - premature unloading of softoken crashes libcurl, contributed by Kamil Dudka, r=rrelyea" ./mozilla/security/nss/lib/pk11wrap/pk11load.c
Checking in ./mozilla/security/nss/lib/pk11wrap/pk11load.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v <-- pk11load.c
new revision: 1.34; previous revision: 1.33
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•13 years ago
|
OS: Linux → All
Priority: -- → P1
Hardware: x86_64 → All
Target Milestone: --- → 3.13.2
You need to log in
before you can comment on or make changes to this bug.
Description
•