Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV
Summary: [PEM] an unregistered callback causes a SIGSEGV
Alias: None
Product: Fedora
Classification: Fedora
Component: nss
Version: 16
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Elio Maldonado Batiz
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 702083 733657 733749 733752 746629 768669 1002271
Reported: 2011-11-17 17:17 UTC by Kamil Dudka
Modified: 2013-08-28 18:52 UTC

Fixed In Version: nss-3.13.1-8.fc17
Doc Type: Bug Fix
Doc Text:
Clone Of: 733685
: 768669
Last Closed: 2012-03-14 17:52:00 UTC
Type: ---

Attachments
Initializes pointers to functions (540 bytes, patch)
2011-12-12 17:59 UTC, Elio Maldonado Batiz
kdudka: review+

Description Kamil Dudka 2011-11-17 17:17:20 UTC
+++ This bug was initially created as a clone of Bug #733685 +++

--- Additional comment from kdudka on 2011-08-26 15:52:53 CEST ---

I needed the following patch:

diff --git a/pinst.c b/pinst.c
index 70f5f4e..d35d7cf 100644
--- a/pinst.c
+++ b/pinst.c
@@ -349,6 +349,9 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objClass,
     if (io == NULL)
         return NULL;

+    /* initialize pointers to functions */
+    pem_CreateMDObject(NULL, io, NULL);
     io->gobjIndex = count;

     /* add object to global array */
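
Review bot: The added call pem_CreateMDObject(NULL, io, NULL); discards its return value, so if it can fail, io is still given a gobjIndex and added to the global array with its function pointers unset, which is the state the crash below starts from. Check the result and return early the way the io == NULL test just above does, or, if failure is not possible here, cast the call to (void) and extend the comment to say it is made only for its side effect on io.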

... to get over the following crash:

#0  0x0000000000000000 in ?? ()
#1  0x00007ffff04bd4f7 in pem_mdObject_GetAttributeSize (mdObject=0x721b60, ...)
#2  0x00007ffff04c2c9e in nssCKFWObject_GetAttributeSize (fwObject=0x6fb9c0,...)
#3  0x00007ffff04cbec7 in NSSCKFWC_GetAttributeValue (fwInstance=0x6f6580, ...)
#4  0x00007ffff04b8eaa in pemC_GetAttributeValue (hSession=2, hObject=2, ...)
#5  0x00007ffff75904e2 in PK11_ReadAttribute (slot=0x6fa700, id=2, type=17, ...)
#6  0x00007ffff75930cb in PK11_ReadRawAttribute (objType=PK11_TypeGeneric, ...)
#7  0x00007ffff7dc7e2d in SelectClientCert (arg=0x62efe8, sock=0x7207b0, ...)

--- Additional comment from emaldona on 2011-08-26 19:04:05 CEST ---

Ah, we now add to the global internal list a fully constructed object. The invocation of pem_CreateMDObject(NULL, io, NULL); is solely for its side effect of setting the function pointers, so a (void) cast seems in order. Additionally, the (void) pem_CreateMDObject(NULL, io, NULL); could be inside CreateObject itself.

At some point we should analyze why we need CreateObject and pem_createObject. That's food for the upstream work, not now.
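
The failure mode from the description above, as an added example that is not part of the bug report or of the NSS PEM module code: an object whose callback slot was never registered, next to a constructor that returns it fully constructed and a dispatcher that rejects an empty slot. All names here (`obj`, `create_unregistered`, `create_registered`, `get_attr_size`, the `RV_*` constants) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins for illustration; these are not NSS or PEM module types. */
enum { RV_OK = 0, RV_NOT_INITIALIZED = 1 };

typedef struct obj obj;
struct obj {
    int (*get_attr_size)(const obj *o, int type, size_t *size); /* callback slot */
    size_t der_len;
};

static int real_get_attr_size(const obj *o, int type, size_t *size) {
    (void)type;
    *size = o->der_len;
    return RV_OK;
}

/* Allocates the object but registers no callback: the slot stays NULL. */
obj *create_unregistered(size_t der_len) {
    obj *o = malloc(sizeof *o);
    if (o == NULL) return NULL;
    o->get_attr_size = NULL;
    o->der_len = der_len;
    return o;
}

/* Returns a fully constructed object, so it cannot be published half-built. */
obj *create_registered(size_t der_len) {
    obj *o = create_unregistered(der_len);
    if (o != NULL)
        o->get_attr_size = real_get_attr_size;
    return o;
}

/* Rejects an empty slot instead of calling address 0 (frame #0 in the trace). */
int get_attr_size(const obj *o, int type, size_t *size) {
    if (o == NULL || o->get_attr_size == NULL)
        return RV_NOT_INITIALIZED;
    return o->get_attr_size(o, type, size);
}

int main(void) {
    size_t n = 0;
    obj *a = create_unregistered(128), *b = create_registered(128);
    int rv_a = get_attr_size(a, 0, &n), rv_b = get_attr_size(b, 0, &n);
    printf("unregistered rv=%d, registered rv=%d size=%zu\n", rv_a, rv_b, n);
    free(a); free(b);
    return 0;
}
```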

Comment 1 Kamil Dudka 2011-12-12 13:09:24 UTC
Elio, is there anything that prevents this one-liner from being applied?

Comment 2 Elio Maldonado Batiz 2011-12-12 17:59:50 UTC
Created attachment 545843 [details]
Initializes pointers to functions

Modified to account for code movement since Kamil first proposed it.

Comment 3 Elio Maldonado Batiz 2012-03-14 06:46:50 UTC

*** This bug has been marked as a duplicate of bug 768669 ***

Comment 4 Kamil Dudka 2012-03-14 07:30:08 UTC
Fedora bugs should not be closed as duplicates of RHEL bugs.  Although this bug has never been added to any update, it appears fixed in Fedora 16.  If it is not the case, please update the status accordingly.

Comment 5 Elio Maldonado Batiz 2012-03-14 17:52:00 UTC
In https://admin.fedoraproject.org/updates/FEDORA-2012-1064/nss-3.13.1-11.fc16 I didn't list it. Closing it then.
