Closed Bug 1031920 Opened 11 years ago Closed 11 years ago

If JS_NewArrayBufferWithContents fails, ArrayBufferBuilder::getArrayBuffer calls js_free(nullptr)

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla33

People

(Reporter: smaug, Assigned: mz_mhs-ctb)

References

Details

(Keywords: memory-leak, Whiteboard: [MemShrink])

Attachments

(1 file, 1 obsolete file)

xhr-leak.patch 11 years ago Michael 962 bytes, patch	smaug : review+	Details \| Diff \| Splinter Review
Patch for checkin, r=smaug 11 years ago Michael 970 bytes, patch	mz_mhs-ctb : review+	Details \| Diff \| Splinter Review

Olli Pettay [:smaug][bugs@pettay.fi]

Reporter

Description

•

11 years ago

http://hg.mozilla.org/mozilla-central/rev/ebdd57580809 looks odd. 1.11 JSObject* obj = JS_NewArrayBufferWithContents(aCx, mLength, mDataPtr); 1.12 + mDataPtr = nullptr; 1.13 + mLength = mCapacity = 0; 1.14 if (!obj) { 1.15 + js_free(mDataPtr); 1.16 return nullptr; 1.17 } We set mDataPtr to null and then if obj is null, try to free mDataPtr.

Andrew McCreight (out of office until 8/21) [:mccr8]

Comment 1

•

11 years ago

Yeah, it looks like this will leak whatever was in mDataPtr on failure.

Andrew McCreight (out of office until 8/21) [:mccr8]

Updated

•

11 years ago

Keywords: mlk

Whiteboard: [MemShrink]

Michael

Assignee

Comment 2

•

11 years ago

Attached patch xhr-leak.patch (obsolete) — Details — Splinter Review

Assignee: nobody → mz_mhs-ctb

Attachment #8448490 - Flags: review?(bugs)

Olli Pettay [:smaug][bugs@pettay.fi]

Reporter

Updated

•

11 years ago

Attachment #8448490 - Flags: review?(bugs) → review+

Michael

Assignee

Comment 3

•

11 years ago

Attached patch Patch for checkin, r=smaug — Details — Splinter Review

Attachment #8448490 - Attachment is obsolete: true

Attachment #8448764 - Flags: review+

Michael

Assignee

Updated

•

11 years ago

Keywords: checkin-needed

Carsten Book [:Tomcat]

Comment 4

•

11 years ago

Hi Michael, could you provide a try run for this checkin? Thanks!

Keywords: checkin-needed

Michael

Assignee

Comment 5

•

11 years ago

Unfortunately no, don't have commit access.

Flags: needinfo?(cbook)

Andrew McCreight (out of office until 8/21) [:mccr8]

Comment 6

•

11 years ago

I'll do a try run today and set checkin needed when it is done.

Flags: needinfo?(cbook) → needinfo?(continuation)

Andrew McCreight (out of office until 8/21) [:mccr8]

Comment 7

•

11 years ago

https://tbpl.mozilla.org/?tree=Try&rev=ccc5d73f13ec

Andrew McCreight (out of office until 8/21) [:mccr8]

Comment 8

•

11 years ago

Sorry this took so long, our test infrastructure was really backed up for some reason. Try run is green.

Flags: needinfo?(continuation)

Keywords: checkin-needed

Ryan VanderMeulen [:RyanVM]

Comment 9

•

11 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/650af90512e2

Keywords: checkin-needed

Ryan VanderMeulen [:RyanVM]

Comment 10

•

11 years ago

https://hg.mozilla.org/mozilla-central/rev/650af90512e2

Status: NEW → RESOLVED

Closed: 11 years ago

Resolution: --- → FIXED

Target Milestone: --- → mozilla33

Nobody; OK to take it and work on it

Updated

•

6 years ago

Component: DOM → DOM: Core & HTML

You need to log in before you can comment on or make changes to this bug.

Bugzilla

If JS_NewArrayBufferWithContents fails, ArrayBufferBuilder::getArrayBuffer calls js_free(nullptr)

Categories

(Core :: DOM: Core & HTML, defect)

Tracking

()

People

(Reporter: smaug, Assigned: mz_mhs-ctb)

References

Details

(Keywords: memory-leak, Whiteboard: [MemShrink])

Crash Data

Security

(public)

User Story

Attachments

(1 file, 1 obsolete file)

Description

Comment 1

Updated

Comment 2

Updated

Comment 3

Updated

Comment 4

Comment 5

Comment 6

Comment 7

Comment 8

Comment 9

Comment 10

Updated

Attachment

General

Description

File Name

Content Type