Closed Bug 905398 Opened 8 years ago Closed 8 years ago

Data race on nsHttpConnectionInfo::mHashKey

Categories

(Core :: Networking: HTTP, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla26

People

(Reporter: bent.mozilla, Assigned: mcmanus)

References

Details

Attachments

(1 file)

One thread writes:

  xul.dll!SetCharAt - nststringobsolete.cpp:391
  xul.dll!SetAnonymous - nshttpconnectioninfo.h:89
  xul.dll!SetupTransaction - nshttpchannel.cpp:889
  xul.dll!ContinueConnect - nshttpchannel.cpp:497
  xul.dll!Connect - nshttpchannel.cpp:451
  xul.dll!BeginConnect - nshttpchannel.cpp:4673
  xul.dll!OnProxyAvailable - nshttpchannel.cpp:4751
  xul.dll!DoCallback - nsprotocolproxyservice.cpp:224
  xul.dll!OnQueryComplete - nsprotocolproxyservice.cpp:195
  xul.dll!Run - nspacman.cpp:86
  xul.dll!ProcessNextEvent - nsthread.cpp:622
  xul.dll!NS_ProcessNextEvent - nsthreadutils.cpp:238
  xul.dll!Shutdown - nsthread.cpp:463

While another reads:

  xul.dll!CharAt - nststring.h:90
  xul.dll!Clone - nshttpconnectioninfo.cpp:102
  xul.dll!GetOrCreateConnectionEntry - nshttpconnectionmgr.cpp:2487
  xul.dll!OnMsgSpeculativeConnect - nshttpconnectionmgr.cpp:2529
  xul.dll!Run - nshttpconnectionmgr.h:581
  xul.dll!ProcessNextEvent - nsthread.cpp:622
  xul.dll!NS_ProcessNextEvent - nsthreadutils.cpp:238
  xul.dll!Run - nssockettransportservice2.cpp:652
  xul.dll!ProcessNextEvent - nsthread.cpp:622
  xul.dll!NS_ProcessNextEvent - nsthreadutils.cpp:238
  xul.dll!ThreadFunc - nsthread.cpp:250
  nss3.dll!PR_NativeRunThread - pruthr.c:397
  nss3.dll!pr_root - w95thred.c:90

Marking s-s for now because I don't understand the security implications of getting the anonymous/private stuff wrong in these connections.
I don't think there actually is an impact here. the data being written is the data that is already there.

I'll clean it up though.

https://tbpl.mozilla.org/?tree=Try&rev=dfd8071b8c59
Attachment #792307 - Flags: review?(jduell.mcbugs)
Assignee: nobody → mcmanus
Attachment #792307 - Flags: review?(jduell.mcbugs) → review+
investigation shows this isn't security sensitive
Group: core-security
https://hg.mozilla.org/mozilla-central/rev/f6d8cd174ec9
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla26
You need to log in before you can comment on or make changes to this bug.