754771 – [PEM] an unregistered callback causes a SIGSEGV

Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV

Summary: [PEM] an unregistered callback causes a SIGSEGV

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nss
Sub Component:
Version:	16
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Elio Maldonado Batiz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	702083 733657 733749 733752 746629 768669 1002271
TreeView+	depends on / blocked

Reported:	2011-11-17 17:17 UTC by Kamil Dudka
Modified:	2013-08-28 18:52 UTC (History)
CC List:	5 users (show)
Fixed In Version:	nss-3.13.1-8.fc17
Clone Of:	733685
Clones:	768669 (view as bug list)
Environment:
Last Closed:	2012-03-14 17:52:00 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Initializes pointers to functions (540 bytes, patch) 2011-12-12 17:59 UTC, Elio Maldonado Batiz	kdudka: review+	Details \| Diff
View All

Description Kamil Dudka 2011-11-17 17:17:20 UTC

+++ This bug was initially created as a clone of Bug #733685 +++

--- Additional comment from kdudka on 2011-08-26 15:52:53 CEST ---

I needed the following patch:

diff --git a/pinst.c b/pinst.c
index 70f5f4e..d35d7cf 100644
--- a/pinst.c
+++ b/pinst.c
@@ -349,6 +349,9 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objClass,
     if (io == NULL)
         return NULL;

+    /* initialize pointers to functions */
+    pem_CreateMDObject(NULL, io, NULL);
+
     io->gobjIndex = count;

     /* add object to global array */


... to get over the following crash:

#0  0x0000000000000000 in ?? ()
#1  0x00007ffff04bd4f7 in pem_mdObject_GetAttributeSize (mdObject=0x721b60, ...)
#2  0x00007ffff04c2c9e in nssCKFWObject_GetAttributeSize (fwObject=0x6fb9c0,...)
#3  0x00007ffff04cbec7 in NSSCKFWC_GetAttributeValue (fwInstance=0x6f6580, ...)
#4  0x00007ffff04b8eaa in pemC_GetAttributeValue (hSession=2, hObject=2, ...)
#5  0x00007ffff75904e2 in PK11_ReadAttribute (slot=0x6fa700, id=2, type=17, ...)
#6  0x00007ffff75930cb in PK11_ReadRawAttribute (objType=PK11_TypeGeneric, ...)
#7  0x00007ffff7dc7e2d in SelectClientCert (arg=0x62efe8, sock=0x7207b0, ...)

--- Additional comment from emaldona on 2011-08-26 19:04:05 CEST ---

Ah, we now add to the global internal list a fully constructed object. The invocation of pem_CreateMDObject(NULL, io, NULL); is solely for it's side effect of setting the function pointers so a (void) cast seems in order.  Additionally, the (void) pem_CreateMDObject(NULL, io, NULL); could be inside CreateObject itself.

At some point should analyze why need CreateObject and pem_createObject. That's food for the upstream work, not now.

Comment 1 Kamil Dudka 2011-12-12 13:09:24 UTC

Elio, is there anything that prevents this one-liner from being applied?

Comment 2 Elio Maldonado Batiz 2011-12-12 17:59:50 UTC

Created attachment 545843 [details]
Initializes pointers to functions

Modified to account for code movement since Kamil first proposed it.

Comment 3 Elio Maldonado Batiz 2012-03-14 06:46:50 UTC


*** This bug has been marked as a duplicate of bug 768669 ***

Comment 4 Kamil Dudka 2012-03-14 07:30:08 UTC

Fedora bugs should not be closed as duplicates of RHEL bugs.  Although this bug has never been added to any update, it appears fixed in Fedora 16.  If it is not the case, please update the status accordingly.

Comment 5 Elio Maldonado Batiz 2012-03-14 17:52:00 UTC

In https://admin.fedoraproject.org/updates/FEDORA-2012-1064/nss-3.13.1-11.fc16 I didn't list it. Closing it then.

Note You need to log in before you can comment on or make changes to this bug.