Closed
Bug 1024226
Opened 10 years ago
Closed 10 years ago
moz_gdk_pixbuf_to_channel leaks |buf| if |do_CreateInstance("@mozilla.org/io/string-input-stream;1", &rv);| fails
Categories
(Core :: Graphics: ImageLib, defect)
Core
Graphics: ImageLib
Tracking
()
RESOLVED
FIXED
mozilla34
People
(Reporter: mccr8, Assigned: wlitwinczyk, Mentored)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, memory-leak, Whiteboard: [MemShrink:P3][CID 221162])
Attachments
(1 file, 2 obsolete files)
1.35 KB,
patch
|
jrmuizel
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Updated•10 years ago
|
Whiteboard: [MemShrink][CID 221162] → [MemShrink:P3][CID 221162]
Reporter | ||
Updated•10 years ago
|
Mentor: continuation
Reporter | ||
Comment 1•10 years ago
|
||
http://mxr.mozilla.org/mozilla-central/source/image/decoders/icon/gtk/nsIconChannel.cpp#125
Updated•10 years ago
|
Assignee: nobody → wlitwinczyk
Assignee | ||
Comment 2•10 years ago
|
||
Hi Andrew, Would you mind seeing if this patch fixes the leak?
Flags: needinfo?(continuation)
Reporter | ||
Comment 3•10 years ago
|
||
As I said in the other bug, I don't have a test case or anything, but it looks like it would fix the leak to me.
Flags: needinfo?(continuation)
Assignee | ||
Updated•10 years ago
|
Attachment #8453204 -
Flags: review?(milan)
Comment 4•10 years ago
|
||
Comment on attachment 8453204 [details] [diff] [review] skia_bug_1024226 Looks good to me. Didn't check - NS_Free nulls out buf? I know we return right away, but I don't like non-null pointers to freed memory :)
Attachment #8453204 -
Flags: review?(milan)
Attachment #8453204 -
Flags: review?(jmuizelaar)
Attachment #8453204 -
Flags: feedback+
Assignee | ||
Comment 5•10 years ago
|
||
NS_Free appears to forward to regular free, so no zeroing of buf. I was going to make the change, but it's declared as a read-only variable: http://dxr.mozilla.org/mozilla-central/source/image/decoders/icon/gtk/nsIconChannel.cpp#86 in order to verify that the copying below worked correctly.
Comment 6•10 years ago
|
||
Comment on attachment 8453204 [details] [diff] [review] skia_bug_1024226 Review of attachment 8453204 [details] [diff] [review]: ----------------------------------------------------------------- ::: image/decoders/icon/gtk/nsIconChannel.cpp @@ +132,1 @@ > NS_ENSURE_SUCCESS(rv, rv); You might as well move this return below the NS_Free(buf) instead of having us check rv again. @@ +132,4 @@ > NS_ENSURE_SUCCESS(rv, rv); > > rv = stream->AdoptData((char*)buf, buf_size); > NS_ENSURE_SUCCESS(rv, rv); This NS_ENSURE_SUCCESS should also be: if (NS_FAILED(rv)) { NS_Free(buf); return; } to avoid leaking here.
Attachment #8453204 -
Flags: review?(jmuizelaar) → review-
Comment 7•10 years ago
|
||
(In reply to Jeff Muizelaar [:jrmuizel] from comment #6) > Comment on attachment 8453204 [details] [diff] [review] > skia_bug_1024226 > > Review of attachment 8453204 [details] [diff] [review]: > ----------------------------------------------------------------- > > ::: image/decoders/icon/gtk/nsIconChannel.cpp > @@ +132,1 @@ > > NS_ENSURE_SUCCESS(rv, rv); > > You might as well move this return below the NS_Free(buf) instead of having > us check rv again. > > @@ +132,4 @@ > > NS_ENSURE_SUCCESS(rv, rv); > > > > rv = stream->AdoptData((char*)buf, buf_size); > > NS_ENSURE_SUCCESS(rv, rv); > > This NS_ENSURE_SUCCESS should also be: > > if (NS_FAILED(rv)) { > NS_Free(buf); > return; > } This takes care of my comment as well.
Assignee | ||
Comment 8•10 years ago
|
||
(In reply to Jeff Muizelaar [:jrmuizel] from comment #6) > Comment on attachment 8453204 [details] [diff] [review] > skia_bug_1024226 > > Review of attachment 8453204 [details] [diff] [review]: > ----------------------------------------------------------------- > @@ +132,4 @@ > > NS_ENSURE_SUCCESS(rv, rv); > > > > rv = stream->AdoptData((char*)buf, buf_size); > > NS_ENSURE_SUCCESS(rv, rv); > > This NS_ENSURE_SUCCESS should also be: > > if (NS_FAILED(rv)) { > NS_Free(buf); > return; > } > > to avoid leaking here. I think it shouldn't be freed because AdoptData will transfer ownership to the stream: http://dxr.mozilla.org/mozilla-central/source/xpcom/io/nsIStringStream.idl#39
Assignee | ||
Comment 9•10 years ago
|
||
Attachment #8453204 -
Attachment is obsolete: true
Attachment #8457482 -
Flags: review?(jmuizelaar)
Comment 10•10 years ago
|
||
(In reply to Walter Litwinczyk [:walter] from comment #8) > > I think it shouldn't be freed because AdoptData will transfer ownership to > the stream: > > http://dxr.mozilla.org/mozilla-central/source/xpcom/io/nsIStringStream.idl#39 Does the ownership still transfer if AdoptData fails?
Flags: needinfo?(wlitwinczyk)
Assignee | ||
Comment 11•10 years ago
|
||
It doesn't appear that AdoptData can fail: http://dxr.mozilla.org/mozilla-central/source/xpcom/io/nsStringStream.cpp#156 http://dxr.mozilla.org/mozilla-central/source/xpcom/string/nsTSubstring.cpp#447
Flags: needinfo?(wlitwinczyk)
Updated•10 years ago
|
Attachment #8457482 -
Flags: review?(jmuizelaar) → review+
Comment 12•10 years ago
|
||
(In reply to Walter Litwinczyk [:walter] from comment #11) > It doesn't appear that AdoptData can fail: > > http://dxr.mozilla.org/mozilla-central/source/xpcom/io/nsStringStream.cpp#156 > http://dxr.mozilla.org/mozilla-central/source/xpcom/string/nsTSubstring. > cpp#447 Maybe add a comment about that where we check for failure then
Assignee | ||
Comment 13•10 years ago
|
||
I left the NS_ENSURE_SUCCESS() so it would print something in non-debug builds.
Attachment #8457482 -
Attachment is obsolete: true
Attachment #8458146 -
Flags: review?(jmuizelaar)
Updated•10 years ago
|
Attachment #8458146 -
Flags: review?(jmuizelaar) → review+
Assignee | ||
Comment 14•10 years ago
|
||
Try: https://tbpl.mozilla.org/?tree=Try&rev=410e4a82baa3
Keywords: checkin-needed
Comment 16•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/4d8154a37ebb
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
Updated•6 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•