Closed
Bug 806829
Opened 12 years ago
Closed 12 years ago
WebRTC possible data race with ccsnap_device_pre_init vs. strlib_malloc
Categories
(Core :: WebRTC: Signaling, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla20
People
(Reporter: posidron, Assigned: ehugg)
References
Details
(Whiteboard: [tsan] [WebRTC] [blocking-webrtc-][qa-])
Attachments
(2 files)
|
2.90 KB,
text/plain
|
Details | |
|
6.47 KB,
patch
|
jesup
:
review+
|
Details | Diff | Splinter Review |
media/webrtc/signaling/src/sipcc/core/ccapp/ccapi_snapshot.c:329
if ((g_deviceInfo.name) && (strlen(g_deviceInfo.name) > 0)) {
strlib_free(g_deviceInfo.name);
}
media/webrtc/signaling/src/sipcc/core/src-common/string_lib.c:68
sstrncpy(temp->data, str, length + 1);
temp->data[length] = '\0';
return STRUCT_TO_STR(temp);
Marked as s-s because memory functions are involved, please downgrade if necessary.
Tested with m-c changeset: 111684:e19e170d2f6d
|
||
Updated•12 years ago
|
Whiteboard: [tsan] → [tsan] [WebRTC] [blocking-webrtc+]
|
||
Comment 1•12 years ago
|
||
Does this stack make any sense? Why is webrtc signalling code (pretty standalone, imported from external right?) accessing memory allocated as part of a nsTArray deep inside a nsFrame? For that matter why does nsPresArena::State::Free call nsTArray::AppendElement?
|
Reporter | |
Comment 2•12 years ago
|
||
In retrospect this is very likely a false positive since there are also no locks involved and the run mode was pure-happens-before.
|
||
Comment 3•12 years ago
|
||
Christophe want to open this bug up?
|
||
Comment 5•12 years ago
|
||
Seems very unlikely to be real
Assignee: nobody → ethanhugg
Priority: -- → P2
Whiteboard: [tsan] [WebRTC] [blocking-webrtc+] → [tsan] [WebRTC] [blocking-webrtc-]
|
Assignee | |
Comment 6•12 years ago
|
||
|
|
Assignee | |
Comment 7•12 years ago
|
||
Comment on attachment 692446 [details] [diff] [review]
Signaling - remove g_deviceInfo.name
I had a suspicion that g_deviceInfo.name was never set, so in order to prove it I made a patch that removes it all together. We could either push this patch to simplify the code, or use it as proof that this race won't happen since it's never set.
Attachment #692446 -
Flags: feedback?(rjesup)
|
|
Assignee | |
Updated•12 years ago
|
Attachment #692446 -
Flags: feedback?(rjesup) → review?(rjesup)
|
|
||
Updated•12 years ago
|
Attachment #692446 -
Flags: review?(rjesup) → review+
|
|
||
Comment 8•12 years ago
|
||
Comment on attachment 692446 [details] [diff] [review]
Signaling - remove g_deviceInfo.name
Review of attachment 692446 [details] [diff] [review]:
-----------------------------------------------------------------
::: media/webrtc/signaling/src/sipcc/core/ccapp/ccapi_device_info.c
@@ +30,5 @@
> * gets the device name
> * @returns - a pointer to the device name
> */
> cc_string_t CCAPI_DeviceInfo_getDeviceName (cc_deviceinfo_ref_t handle)
> {
At least debug here since we're not giving it a real devicename
|
|
Assignee | |
Comment 9•12 years ago
|
||
|
||
Comment 10•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
|
|
||
Updated•12 years ago
|
Whiteboard: [tsan] [WebRTC] [blocking-webrtc-] → [tsan] [WebRTC] [blocking-webrtc-][qa-]
You need to log in
before you can comment on or make changes to this bug.
Description
•