Closed Bug 863534 Opened 11 years ago Closed 5 years ago

crash in PKIX_List_GetItem


(NSS :: Libraries, defect)



(b2g18 affected, b2g18-v1.0.0 wontfix, b2g18-v1.0.1 affected)



(Reporter: briansmith, Unassigned)



(Keywords: crash, perf)


+++ This bug was initially created as a clone of Bug #787155 +++

Possibly a race condition in the libpkix cert cache. I worked around this on B2G by disabling Gecko's usage of libpkix. But this occurs on other platforms (relatively rarely), and so it should be fixed.

This bug was filed from the Socorro interface and is report bp-3e9ed381-d082-4f27-9c6d-926a22120828.
0	nss3.dll	PKIX_List_GetItem	security/nss/lib/libpkix/pkix/util/pkix_list.c:1553
1	nss3.dll	pkix_CacheCert_Lookup	security/nss/lib/libpkix/pkix/util/pkix_tools.c:1072
2	nss3.dll	pkix_Build_GatherCerts	security/nss/lib/libpkix/pkix/top/pkix_build.c:1800
3	nss3.dll	pkix_BuildForwardDepthFirstSearch	security/nss/lib/libpkix/pkix/top/pkix_build.c:2377
4	nss3.dll	pkix_Build_InitiateBuildChain	security/nss/lib/libpkix/pkix/top/pkix_build.c:3615
5	nss3.dll	PKIX_BuildChain	security/nss/lib/libpkix/pkix/top/pkix_build.c:3786
6	nss3.dll	CERT_PKIXVerifyCert	security/nss/lib/certhigh/certvfypkix.c:2204
7	xul.dll	nsNSSCertificate::hasValidEVOidTag	security/manager/ssl/src/nsIdentityChecking.cpp:1189
8	xul.dll	nsNSSCertificate::getValidEVOidTag	security/manager/ssl/src/nsIdentityChecking.cpp:1224
9	xul.dll	nsNSSCertificate::GetIsExtendedValidation	security/manager/ssl/src/nsIdentityChecking.cpp:1250 

firefox bp-ece0c31e-cdad-48fc-aa94-41dbf2120803

Crashes in all releases of the past year, and on all OSes.
Nothing especially useful in any of the crash comments afaict.
No longer depends on: 787155
Priority: P1 → --
Looks like a ref-counting ordering issue.

PKIX_PL_HashTable_Remove gives up the lock before decrementing the reference count of the item.

Whereas PKIX_PL_HashTable_Lookup properly increments the ref-count under the lock.

It seems like line 310, , is entirely incorrect, given the code on 320/322 that handles unlocking.

Brian, do you want to just nuke 310 and see if that works for you?
Er, n/m, I missed that pkix_pl_PrimHashTable_Remove is transferring ownership back to the caller, so the fact that it's done outside of the lock should be fine.
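
The locking and ownership pattern the two comments above reason about, sketched as an added example that is not part of the bug thread and is not NSS/libpkix code. Every type and function name is hypothetical, and the fixed-size table with an atomic reference count is an assumption made to keep the sketch small.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

#define SLOTS 8 /* every name in this file is hypothetical, not libpkix code */
typedef struct { atomic_int refs; unsigned key; } item_t;
typedef struct { pthread_mutex_t lock; item_t *slot[SLOTS]; } table_t;
static atomic_int live_items; /* items allocated and not yet freed */

/* Drop one reference. The count is atomic, so no table lock is needed. */
static void item_decref(item_t *it) {
    if (atomic_fetch_sub(&it->refs, 1) != 1) return;
    atomic_fetch_sub(&live_items, 1);
    free(it);
}

/* Add: the table owns the new item's single initial reference. */
static int table_add(table_t *t, unsigned key) {
    item_t *it = malloc(sizeof *it), *old;
    if (!it) return -1;
    atomic_init(&it->refs, 1);
    it->key = key;
    atomic_fetch_add(&live_items, 1);
    pthread_mutex_lock(&t->lock);
    old = t->slot[key % SLOTS];
    t->slot[key % SLOTS] = it;
    pthread_mutex_unlock(&t->lock);
    if (old) item_decref(old); /* evicted entry loses the table's reference */
    return 0;
}

/* Lookup: incref before unlocking, so a racing remove cannot free the item. */
static item_t *table_lookup(table_t *t, unsigned key) {
    pthread_mutex_lock(&t->lock);
    item_t *it = t->slot[key % SLOTS];
    if (it && it->key == key) atomic_fetch_add(&it->refs, 1); else it = NULL;
    pthread_mutex_unlock(&t->lock);
    return it;
}

/* Remove: unlinking under the lock moves the table's reference to this caller.
   Dropping it after unlock is safe: no later lookup can reach the item. */
static void table_remove(table_t *t, unsigned key) {
    pthread_mutex_lock(&t->lock);
    item_t *it = t->slot[key % SLOTS];
    if (it && it->key == key) t->slot[key % SLOTS] = NULL; else it = NULL;
    pthread_mutex_unlock(&t->lock);
    if (it) item_decref(it);
}
```

A reader that obtained the item through `table_lookup` before the removal keeps it alive until it calls `item_decref` itself.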
Removing blocking-b2g flag because there is a wallpaper fix in bug 787155.
blocking-b2g: tef+ → ---
Whiteboard: [tbird crash][b2g-crash][eta:2013-04-19][madrid]

Closing because no crashes reported for 12 weeks.

Closed: 5 years ago
Resolution: --- → WORKSFORME