Closed
Bug 111381
Opened 23 years ago
Closed 20 years ago
Freeing mismatched memory in free
Categories
(MailNews Core :: Networking: NNTP, defect)
MailNews Core
Networking: NNTP
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: stephend, Assigned: mikael)
Details
Attachments
(1 file, 1 obsolete file)
|
5.27 KB,
patch
|
Bienvenu
:
review+
mscott
:
superreview+
|
Details | Diff | Splinter Review |
Build ID: Latest trunk Win32 CVS pull using Purify.
Saw this just reading n.p.m.layout, copying one posting to an IMAP folder, then
deleting it and emptying the trash ;-)
[E] FMM: Freeing mismatched memory in free {1 occurrence}
Address 0x09594f90 points into a C++ new block in heap 0x02920000
Location of free attempt
free [msvcrt.DLL]
PR_Free [prmem.c:78]
nsSharedBufferHandle<char>::~nsSharedBufferHandle<char>(void)
[nsBufferHandle.h:363]
if ( mFlags & kIsStorageDefinedSeparately )
string_storage = NS_REINTERPRET_CAST(nsFlexBufferHandle<CharT>*,
this)->StorageStart();
=> get_allocator().Deallocate(string_storage);
}
}
nsSharedBufferHandle<char>::ReleaseReference(void)const
[nsBufferHandle.h:223]
{
nsSharedBufferHandle<CharT>* mutable_this = NS_CONST_CAST
(nsSharedBufferHandle<CharT>*, this);
if ( !mutable_this->set_refcount( get_refcount()-1 ) )
=> delete mutable_this;
// hmm, what if |kIsUserAllocator| and
|kIsSingleAllocationWithBuffer|?
}
nsMsgNewsFolder::GetNewsrcLine(char * *) [nsNewsFolder.cpp:1479]
if (!*newsrcLine) return NS_ERROR_OUT_OF_MEMORY;
=> return NS_OK;
}
NS_IMETHODIMP nsMsgNewsFolder::SetReadSetFromStr(const char *newsrcLine)
nsNntpIncomingServer::WriteNewsrcFile(void) [nsNntpIncomingServer.cpp:394]
newsFolder = do_QueryInterface(child, &rv);
if (NS_SUCCEEDED(rv) && newsFolder) {
nsXPIDLCString newsrcLine;
=> rv = newsFolder->GetNewsrcLine(getter_Copies
(newsrcLine));
if (NS_SUCCEEDED(rv) && ((const char *)newsrcLine)) {
// write the line to the newsrc file
newsrcStream << (const char *)newsrcLine;
nsNntpIncomingServer::OnNewsrcSaveTimer(nsITimer *,void *)
[nsNntpIncomingServer.cpp:291]
}
/* static */ void nsNntpIncomingServer::OnNewsrcSaveTimer(nsITimer *timer,
void *voidIncomingServer)
=> {
nsNntpIncomingServer *incomingServer = (nsNntpIncomingServer*)
voidIncomingServer;
incomingServer->WriteNewsrcFile();
}
nsTimerManager::FireNextReadyTimer(UINT) [nsTimerManager.cpp:130]
if (timer->GetPriority() >= minTimerPriority) {
mReadyQueue->RemoveElementAt(0);
=> timer->Fire();
NS_RELEASE(timer);
}
FireTimeout(HWND__ *,UINT,UINT,DWORD) [nsTimer.cpp:103]
ScrollDC [user32.dll]
Allocation location
new(UINT) [msvcrt.DLL]
nsMsgKeySet::Output(char * *) [nsMsgKeySet.cpp:337]
plus 10 bytes of slop. */
PRInt32 so = s - s_head;
s_size += 200;
=> char* tmp = new char[s_size];
if (tmp) PL_strcpy(tmp, s_head);
nsMemory::Free(s_head);
s_head = tmp;
nsMsgNewsFolder::GetNewsrcLine(char * *) [nsNewsFolder.cpp:1467]
nsXPIDLCString setStr;
if (mReadSet) {
=> mReadSet->Output(getter_Copies(setStr));
if (NS_SUCCEEDED(rv)) {
newsrcLineStr += " ";
newsrcLineStr += setStr;
nsNntpIncomingServer::WriteNewsrcFile(void) [nsNntpIncomingServer.cpp:394]
newsFolder = do_QueryInterface(child, &rv);
if (NS_SUCCEEDED(rv) && newsFolder) {
nsXPIDLCString newsrcLine;
=> rv = newsFolder->GetNewsrcLine(getter_Copies
(newsrcLine));
if (NS_SUCCEEDED(rv) && ((const char *)newsrcLine))
{
// write the line to the newsrc file
newsrcStream << (const char *)newsrcLine;
nsNntpIncomingServer::OnNewsrcSaveTimer(nsITimer *,void *)
[nsNntpIncomingServer.cpp:291]
}
/* static */ void nsNntpIncomingServer::OnNewsrcSaveTimer(nsITimer
*timer, void *voidIncomingServer)
=> {
nsNntpIncomingServer *incomingServer = (nsNntpIncomingServer*)
voidIncomingServer;
incomingServer->WriteNewsrcFile();
}
nsTimerManager::FireNextReadyTimer(UINT) [nsTimerManager.cpp:130]
if (timer->GetPriority() >= minTimerPriority) {
mReadyQueue->RemoveElementAt(0);
=> timer->Fire();
NS_RELEASE(timer);
}
FireTimeout(HWND__ *,UINT,UINT,DWORD) [nsTimer.cpp:103]
ScrollDC [user32.dll]
ScrollDC [user32.dll]
DispatchMessageA [user32.dll]
DispatchMessageA [USER32.DLL]
nsAppShell::Run(void) [nsAppShell.cpp:121]
nsAppShellService::Run(void) [nsAppShellService.cpp:301]
main1 [nsAppRunner.cpp:1304]
main [nsAppRunner.cpp:1630]
WinMain [nsAppRunner.cpp:1648]
|
||
Comment 1•23 years ago
|
||
this is a news problem, and has nothing to do with imap or the mork changes. I doubt is has to do with any of the changes I made, but I'll look into it.
Summary: Freeing mismatched memory in free → Freeing mismatched memory in free
|
|
||
Comment 2•23 years ago
|
||
changing severity - this has been around for a couple years now, I believe.
Severity: critical → minor
Status: NEW → ASSIGNED
|
||
Comment 3•22 years ago
|
||
This might fix it. The file contains tabs, the patch leaves them as they were.
|
|
||
Comment 4•22 years ago
|
||
the problem is, IIRC, that this has to match with all the callers. this might be the right fix, but you can't tell without looking at all the callers.
|
||
Updated•20 years ago
|
Product: MailNews → Core
|
Assignee | |
Comment 5•20 years ago
|
||
I've checked callers, and changed some of them. With this patch, all callers use getter_Copies, exept for the test code in nsMsgKey.cpp.
Assignee: bienvenu → mikael
Attachment #82397 -
Attachment is obsolete: true
Attachment #172091 -
Flags: superreview?(mscott)
Attachment #172091 -
Flags: review?(bienvenu)
|
|
||
Updated•20 years ago
|
Attachment #172091 -
Flags: review?(bienvenu) → review+
|
|
Assignee | |
Updated•20 years ago
|
OS: Windows 2000 → All
Hardware: PC → All
|
||
Updated•20 years ago
|
Attachment #172091 -
Flags: superreview?(mscott) → superreview+
|
|
||
Comment 6•20 years ago
|
||
I just checked this in for you. Thanks so much for the patch.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
||
Comment 7•20 years ago
|
||
mlk keyword?
|
||
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•