Bug 663215 - Crash in NSS pk11cxt.c::PK11_CipherOp()
Status: CLOSED DUPLICATE of bug 657254
Alias: None
Product: Fedora
Classification: Fedora
Component: evolution
Version: rawhide
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Matthew Barnes
QA Contact: Fedora Extras Quality Assurance
Duplicates: 666609 671205 701170
Reported: 2010-12-15 00:41 UTC by Dan Williams
Modified: 2011-05-02 06:13 UTC

Doc Type: Bug Fix
Last Closed: 2010-12-15 09:39:47 UTC



Description Dan Williams 2010-12-15 00:41:16 UTC
This is probably NSS's fault, feel free to reassign. But whenever I quit Evolution, it crashes at:

pk11cxt.c::PK11_CipherOp()::738

736         case CKA_DECRYPT:
737             length = maxout;
738             crv=PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session,
739                                                     in, inlen, out, &length);
740             break;

because PK11_GETTAB(context->slot) returns an invalid pointer, which is then dereferenced.

(gdb) p	*context->slot
$9 = {functionList = 0x7f5944b72c40, module = 0x2195800, needTest = 0, isPerm =	1, isHW = 0, isInternal = 3, disabled =	0, reason = PK11_DIS_NONE, 
  readOnly = 1,	needLogin = 0, hasRandom = 1, defRWSession = 0,	isThreadSafe = 1, flags = 1539,	session = 1, sessionLock = 0x220f810, slotID = 1, 
  defaultFlags = 2684370749, refCount =	12, freeListLock = 0x220f8c0, freeSymKeysWithSessionHead = 0x7f5914031300, freeSymKeysHead = 0x7f5914033f90, 
  keyCount = 7,	maxKeyCount = 800, askpw = 0, timeout =	30, authTransact = 0, authTime = 0, minPassword = 0, maxPassword = 0, series = 2, flagSeries = 
    0, flagState = 0, wrapKey =	0, wrapMechanism = 306,	refKeys = {9}, mechanismList = 0x2212700, mechanismCount = 129,	cert_array = 0x0, array_size = 
    0, cert_count = 0, serial =	'0' <repeats 16 times>,	slot_name = 
    "NSS Internal Cryptographic Services", '\000' <repeats 21 times>, "H7 \002\000\000\000\000", token_name = 
    "NSS Generic Crypto Services\000\000\000\000\000", hasRootCerts = 0, hasRootTrust =	0, hasRSAInfo =	0, RSAInfoFlags = 0, protectedAuthPath = 0, 
  isActiveCard = 0, lastLoginCheck = 0,	lastState = 0, nssToken = 0x22f8620, mechanismBits = 
    "\a\a\006\003\003\003\001\000\000\000\000\000\000\000\000\000\a\a\005", '\000' <repeats 13 times>, "\a\a\006\002\002\002\000\000\000\000\000\000\000\
000\000\000\002\002\002\002\002\002\002\000\000\000\000\000\000\000\000\000\003\003\003\002\002\002\000\000\000\000\000\000\000\000\000\000ldd```\000\000
\000\000\000\000\000\000\000\000\f\004\f\b\b\b\000\000\000\000\000\000\000\000\000\000\f\f\f\b\000\b\b\b\000\000\000\000\000\000\000\000\b\b", '\000' <re
peats 14 times>, "\b\b\b", '\000' <repeats 13 times>, "\b\b\000\000\000\000\b\b\b\b\b\b\000\000\000\000\b", '\000' <repeats 15 times>, "\b", '\000' <repe
ats 62 times>}
(gdb) p*(CK_FUNCTION_LIST_PTR)context->slot->functionList
Cannot access memory at address 0x7f5944b72c40

oops.

evolution-2.91.3-1.fc15.x86_64
nss-3.12.8.99.2-1.fc15.x86_64

Comment 2 Milan Crha 2010-12-15 09:39:47 UTC
Thanks for the investigation. This seems to be an nss bug, and it's filed there already, thus I'm marking this as a duplicate of it.

*** This bug has been marked as a duplicate of bug 657254 ***

Comment 3 Milan Crha 2011-01-06 12:00:59 UTC
*** Bug 666609 has been marked as a duplicate of this bug. ***

Comment 4 Milan Crha 2011-01-21 11:48:59 UTC
*** Bug 671205 has been marked as a duplicate of this bug. ***

Comment 5 Milan Crha 2011-05-02 06:13:56 UTC
*** Bug 701170 has been marked as a duplicate of this bug. ***

