Hide Forgot
Description of problem: The increment of softokenLoadCount is not in par with its decrement. Version-Release number of selected component (if applicable): nss-3.12.10-17.1.el6 How reproducible: 100 % Steps to Reproduce: 1. run the attached test-case Actual results: (gdb) break pk11load.c:600 Breakpoint 1 at 0x3d59c4992c: file pk11load.c, line 600. (gdb) run Breakpoint 1, SECMOD_UnloadModule (mod=0x67dae0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { (gdb) display softokenLoadCount (gdb) continue Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 3 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x67b9e0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 2 (gdb) print mod->moduleDBFunc $1 = (void *) 0x330a40ddc0 (gdb) info symbol mod->moduleDBFunc NSC_ModuleDBFunc in section .text of /usr/lib64/libsoftokn3.so (gdb) continue Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 1 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 0 (gdb) test_instance() succeeded 0/16 Breakpoint 1, SECMOD_UnloadModule (mod=0x6732c0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 3 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x67b9e0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 2 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 1 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 0 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = -1 (gdb) test_instance() succeeded 1/16 Breakpoint 1, SECMOD_UnloadModule (mod=0x6716b0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 2 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x612dc0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 1 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x63c580) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 0 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x612080) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = -1 (gdb) Breakpoint 1, SECMOD_UnloadModule (mod=0x610ba0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = -2 (gdb) test_instance() succeeded 2/16 Breakpoint 1, SECMOD_UnloadModule (mod=0x6e8de0) at pk11load.c:600 600 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { 1: softokenLoadCount = 1 (gdb) Program received signal SIGSEGV, Segmentation fault. 0x000000330a40ddc0 in ?? () (gdb) up #1 0x0000003d59c589be in SECMOD_FreeModuleSpecList (module=0x610ba0, moduleSpecList=0x60d110) at pk11pars.c:1077 1077 retString = (*func)(SECMOD_MODULE_DB_FUNCTION_RELEASE, (gdb) print func $2 = (SECMODModuleDBFunc) 0x330a40ddc0 (gdb) info symbol func No symbol matches func.
Created attachment 551005 [details] a test-case
Created attachment 551006 [details] a proposed fix
Comment on attachment 551006 [details] a proposed fix r+ rrelyea good catch Kamil. elio same drill with upstreaming this patch. bob
Elio, no upstream bug has been linked to this yet. bob
(In reply to comment #5) See External tracker. Fixed upstream and this bug gets fixed by updating to 3.13.3.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0973.html