| Summary: | premature unloading of softoken crashes libcurl | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Kamil Dudka <kdudka> | ||||||
| Component: | nss | Assignee: | Elio Maldonado Batiz <emaldona> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Aleš Mareček <amarecek> | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | high | ||||||||
| Version: | 6.2 | CC: | amarecek, jrieden, ksrot, rrelyea | ||||||
| Target Milestone: | rc | Keywords: | Patch | ||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | nss-3.13.3-3.el6 | Doc Type: | Bug Fix | ||||||
| Doc Text: |
No documentation needed
|
Story Points: | --- | ||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2012-06-20 07:23:39 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Attachments: |
|
||||||||
Created attachment 551005 [details]
a test-case
Created attachment 551006 [details]
a proposed fix
Comment on attachment 551006 [details]
a proposed fix
r+ rrelyea
good catch Kamil.
elio same drill with upstreaming this patch.
bob
Elio, no upstream bug has been linked to this yet. bob (In reply to comment #5) See External tracker. Fixed upstream and this bug gets fixed by updating to 3.13.3.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
No documentation needed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0973.html |
Description of problem: The increment of softokenLoadCount is not in par with its decrement. Version-Release number of selected component (if applicable): nss-3.12.10-17.1.el6 How reproducible: 100 % Steps to Reproduce: 1. run the attached test-case Actual results: (gdb) break pk11load.c:600 Breakpoint 1 at 0x3d59c4992c: file pk11load.c, line 600. (gdb) run Breakpoint 1, SECMOD_UnloadModule (mod=0x67dae0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { (gdb) display softokenLoadCount (gdb) continue Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 3 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x67b9e0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 2 (gdb) print mod->moduleDBFunc $1 = (void *) 0x330a40ddc0 (gdb) info symbol mod->moduleDBFunc NSC_ModuleDBFunc in section .text of /usr/lib64/libsoftokn3.so (gdb) continue Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 1 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 0 (gdb) test_instance() succeeded 0/16 Breakpoint 1, SECMOD_UnloadModule (mod=0x6732c0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 3 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x67b9e0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 2 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 1 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 0 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = -1 (gdb) test_instance() succeeded 1/16 Breakpoint 1, SECMOD_UnloadModule (mod=0x6716b0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 2 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 1 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x63c580) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 0 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = -1 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = -2 (gdb) test_instance() succeeded 2/16 Breakpoint 1, SECMOD_UnloadModule (mod=0x6e8de0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 1 (gdb) Program received signal SIGSEGV, Segmentation fault. 0x000000330a40ddc0 in ?? () (gdb) up #1 0x0000003d59c589be in SECMOD_FreeModuleSpecList (module=0x610ba0, moduleSpecList=0x60d110) at pk11pars.c:1077 1077 retString = (*func)(SECMOD_MODULE_DB_FUNCTION_RELEASE, (gdb) print func $2 = (SECMODModuleDBFunc) 0x330a40ddc0 (gdb) info symbol func No symbol matches func.