141469 - Mismatched free() / delete / delete [] at nsVoidArray::~nsVoidArray(void)

Status: RESOLVED WORKSFORME

(Core :: XPCOM, defect)

Description

[Peter A Jonsson]

How to reproduce: Start mozilla and quit with ^q.

==31521== Mismatched free() / delete / delete []
==31521==    at 0x404CED0A: nsVoidArray::~nsVoidArray(void) (nsVoidArray.cpp:362)
==31521==    by 0x40574978: ??? (../../dist/include/string/nsBufferHandle.h:399)
==31521==    by 0x450E430C: ??? (nsFontMetricsGTK.cpp:632)
==31521==    by 0x450C056D: FreeNodeArray(nsHashKey *, void *, void *)
(nsFontMetricsGTK.cpp:710)
==31521==    by 0x404B725A: _hashEnumerateRemove(PLHashEntry *, int, void *)
(nsHashtable.cpp:371)
==31521==    by 0x405EB31A: PL_HashTableEnumerateEntries (plhash.c:429)
==31521==    by 0x404B731B: nsHashtable::Reset(int (*)(nsHashKey *, void *, void
*), void *) (nsHashtable.cpp:390)
==31521==    by 0x450C07DD: FreeGlobals(void) (nsFontMetricsGTK.cpp:765)
==31521==    by 0x450C2CD5: nsFontMetricsGTK::~nsFontMetricsGTK(void)
(nsFontMetricsGTK.cpp:1200)
==31521==    by 0x450C2E89: nsFontMetricsGTK::Release(void)
(nsFontMetricsGTK.cpp:1204)
==31521==    Address 0x49944468 is 0 bytes inside a block of size 48 alloc'd
==31521==    at 0x4004519B: malloc (vg_clientfuncs.c:100)
==31521==    by 0x450DC7DC: ??? (../../gcc-2.95.3/gcc/cp/new1.cc:78)
==31521==    by 0x450CAFF8: nsFontMetricsGTK::TryNodes(nsACString &, unsigned
short) (nsFontMetricsGTK.cpp:4148)
==31521==    by 0x450CDB29: nsFontMetricsGTK::FindLangGroupFont(nsIAtom *,
unsigned short, nsCString *) (nsFontMetricsGTK.cpp:4729)
==31521==    by 0x450CB647: nsFontMetricsGTK::TryLangGroup(nsIAtom *, nsCString
*, unsigned short) (nsFontMetricsGTK.cpp:4233)
==31521==    by 0x450CB799: nsFontMetricsGTK::TryFamily(nsCString *, unsigned
short) (nsFontMetricsGTK.cpp:4251)
==31521==    by 0x450CBD69:
nsFontMetricsGTK::FindStyleSheetSpecificFont(unsigned short)
(nsFontMetricsGTK.cpp:4349)
==31521==    by 0x450CDDDF: nsFontMetricsGTK::FindFont(unsigned short)
(nsFontMetricsGTK.cpp:4773)
==31521==    by 0x450C3937: nsFontMetricsGTK::Init(nsFont const &, nsIAtom *,
nsIDeviceContext *) (nsFontMetricsGTK.cpp:1353)
==31521==    by 0x403158A2: nsFontCache::GetMetricsFor(nsFont const &, nsIAtom
*, nsIFontMetrics *&) (nsDeviceContext.cpp:616)

Comment 1

[neeti]

->me

Comment 2

[neeti]

The leak is happening in FreeNodeArray(..) in nsFontMetricsGTK.cpp. Reassigning
to bstell.

Comment 3

[kill this account]

I have no idea how to read the information in the initial comment.
However, am I correct that the alloc is here:

> ==31521==    Address 0x49944468 is 0 bytes inside a block of size 48 alloc'd
> ==31521==    at 0x4004519B: malloc (vg_clientfuncs.c:100)
> ==31521==    by 0x450DC7DC: ??? (../../gcc-2.95.3/gcc/cp/new1.cc:78)
> ==31521==    by 0x450CAFF8: nsFontMetricsGTK::TryNodes(nsACString &, unsigned
> short) (nsFontMetricsGTK.cpp:4148)

ie: 4148                      nodes = new nsFontNodeArray;

and the dealloc is here:

> ==31521== Mismatched free() / delete / delete []
> ==31521==    at 0x404CED0A: nsVoidArray::~nsVoidArray(void) 
> (nsVoidArray.cpp:362)
> ==31521==    by 0x40574978: ??? 
> (../../dist/include/string/nsBufferHandle.h:399)
> ==31521==    by 0x450E430C: ??? (nsFontMetricsGTK.cpp:632)
==31521==    by 0x450C056D: FreeNodeArray(nsHashKey *, void *, void *)
(nsFontMetricsGTK.cpp:710)

ie: 710                  delete nodes;

Comment 4

[kill this account]

->ftang

Comment 5

[Peter A Jonsson]

You are correct in your assumption where the alloc and dealloc is. Most likely
it is some member of nsFontNodeArray that is causing the warning to appear. It
is not necisarily a leak, it could be free() being used on memory that is
allocated with new. 

Comment 6

[Frank Tang]

katakai- can you help to fix this one too?

Comment 7

[Peter A Jonsson]

I did a long testrun of mozilla on 21/7, I can no longer reproduce this. I
believe this was due to some string-fixes checked in quite a while ago. Closing
this with worksforme.

Log is at http://www.ludd.luth.se/~pj/mozilla/valgrind/valgrind.out.long.0721