Closed
Bug 215587
Opened 22 years ago
Closed 21 years ago
memory leak in nsClipboard::GetData
Categories
(Core Graveyard :: GFX: Xlib, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: wbardwel, Assigned: timeless)
Details
(Keywords: memory-leak)
Attachments
(1 file, 3 obsolete files)
|
3.02 KB,
patch
|
akkzilla
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
Build Identifier: recent 1.5
nsClipboard::GetData mallocs space for the final param passed to
XGetWindowPropery and then frees what was put in that param.
This is wrong, that param should be the address of a pointer that
is NULL, XGetWindowProperty overwrites the param with a pointer
to space that X allocated itself. You should then XFree the
pointer. (So in the current code, the malloced space is leaked, and
the X allocated space is freed with the wrong routine (but it might
get away with that if XFree is the same as free.)
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Will attach simple patch
|
Reporter | |
Comment 1•22 years ago
|
||
|
|
Reporter | |
Comment 2•22 years ago
|
||
Old code looks like it could sometimes return random data,
because it doesn't always fill in "data". I made a second
patch that just returns an empty string in those cases,
and fixes the memory leak.
thanks
Assignee: jaggernaut → wbardwel
Component: XP Toolkit/Widgets → GFX: Xlib
Keywords: mlk
QA Contact: jrgm → timeless
Attachment #129471 -
Flags: review?(akkana)
|
||
Updated•22 years ago
|
Severity: normal → critical
|
||
Updated•22 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 4•22 years ago
|
||
Comment on attachment 129471 [details] [diff] [review]
Better patch widget/src/xlib/nsClipboard.cpp
Yes, this is better. Thanks!
Does length end up being set right? Should we force it to zero if data == 0,
or just assume that strlen already did that for us?
Attachment #129471 -
Flags: superreview?(blizzard)
Attachment #129471 -
Flags: review?(akkana)
Attachment #129471 -
Flags: review+
|
|
Reporter | |
Comment 5•22 years ago
|
||
length/bytes will be 0 if XGetWindowProperty is never
called, or if it returns no data. That code has other
problems, like the fact that it can skip calling
XGetWindowProperty but still try to convert an empty
string, and that you are supposed to keep calling
XGetWindowProperty (updating the offset) until
it has actually read all of the data for the property
(right now it just reads the first 16k).
I think that the clipboard code may need a re-write
in general, there are a lot of clipboard related bugs...
This fix still helps with some basic reliability
issues, if not the correctness ones.
|
||
Comment 6•22 years ago
|
||
Comment on attachment 129471 [details] [diff] [review]
Better patch widget/src/xlib/nsClipboard.cpp
>--- ./widget/src/xlib/nsClipboard.cpp Fri Mar 14 20:04:05 2003
>+++ nsClipboard.cpp Fri Aug 8 17:46:53 2003
>@@ -342,7 +342,6 @@
>@@ -375,8 +374,8 @@
>
> // Place the data in the transferable
> PRInt32 length = bytes;
>- PRUnichar *testing = (PRUnichar *)malloc(strlen((char *)data)*2+1);
>- nsPrimitiveHelpers::ConvertPlatformPlainTextToUnicode((const char *)data,
>+ PRUnichar *testing = (PRUnichar *)malloc(data?strlen((char *)data)*2+1:3);
>+ nsPrimitiveHelpers::ConvertPlatformPlainTextToUnicode((const char *)data?data:"",
> length,
> &testing,
> &length);
That +1 should really be inside the *2 (which should be *sizeof(PRUnichar)),
the null terminator is also 16 bits. The 3 should be 2:
|(strlen("")+1)*sizeof(PRUnichar)|.
>@@ -391,7 +390,8 @@
> aTransferable->SetTransferData("text/unicode",
> genDataWrapper,
> length);
>- free(data);
>+ if (data)
>+ XFree(data);
Why XFree? It was |malloc|'ed, so |free|.
Attachment #129471 -
Flags: superreview?(blizzard) → superreview-
|
|
Reporter | |
Comment 7•22 years ago
|
||
The XFree is because it was not malloced.
XGetWindowProperty allocates the data. Part of the
fix is to stop mallocing an block and then passing the
address of the pointer to the malloced block to
XGetWindowProperty, which was then overwriting that
pointer with the address of the space that XGetWindowProperty
allocated itself.
Assignee: wbardwel → timeless
Attachment #129469 -
Attachment is obsolete: true
Attachment #129471 -
Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #143874 -
Flags: superreview?(blizzard)
Attachment #143874 -
Flags: review?(akkzilla)
|
||
Updated•21 years ago
|
Attachment #143874 -
Flags: superreview?(blizzard) → superreview+
|
|
||
Comment 9•21 years ago
|
||
+ const char *constData = "";
+ if (data)
+ data = (const char*) data;
What are the second and third lines for? Should that third line be constData =?
|
Assignee | |
Comment 10•21 years ago
|
||
oops, yeah.
|
|
||
Updated•21 years ago
|
Attachment #143874 -
Flags: review?(akkzilla) → review-
|
|
Assignee | |
Comment 11•21 years ago
|
||
Attachment #143874 -
Attachment is obsolete: true
Attachment #144542 -
Flags: review?(akkzilla)
|
|
||
Updated•21 years ago
|
Attachment #144542 -
Flags: review?(akkzilla) → review+
|
|
Assignee | |
Comment 12•21 years ago
|
||
mozilla/widget/src/xlib/nsClipboard.cpp 1.25
mozilla/widget/src/xlib/nsClipboard.cpp 1.26
i messed up the commit
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
|
||
Updated•16 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•