nsArena crashes if destroyed before Init()

VERIFIED FIXED in M9

Status

P1
normal
VERIFIED FIXED
19 years ago
19 years ago

People

(Reporter: rginda, Assigned: scc-obsolete)

Tracking

Trunk
x86
Linux
Details

(Reporter)

Description

19 years ago
~nsArena calls PL_FinishArenaPool(&mPool); without checking to see if
the pool was initialized.  The included patch adds an mInitialized member
to the class.  I'd guess there is probably a Better Way.


Index: nsArena.cpp
===================================================================
RCS file: /cvsroot/mozilla/xpcom/ds/nsArena.cpp,v
retrieving revision 3.4
diff -u -r3.4 nsArena.cpp
--- nsArena.cpp 1999/07/28 08:27:38     3.4
+++ nsArena.cpp 1999/07/31 06:51:07
@@ -20,6 +20,7 @@
 #include "nsCRT.h"

 ArenaImpl::ArenaImpl(void)
+    : mInitialized(PR_FALSE)
 {
   NS_INIT_REFCNT();
   nsCRT::memset(&mPool, 0, sizeof(PLArenaPool));
@@ -33,6 +34,7 @@
   }
   PL_INIT_ARENA_POOL(&mPool, "nsIArena", aBlockSize);
   mBlockSize = aBlockSize;
+  mInitialized = PR_TRUE;
   return NS_OK;
 }

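Review bot: Init() now sets mInitialized = PR_TRUE, but nothing in the visible context tests the flag first, so a second Init() call would still run PL_INIT_ARENA_POOL over a pool that may already own arenas. With the flag in place, consider checking it at the top of Init() and either returning an error or finishing the old pool before reinitializing.
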
@@ -40,7 +42,8 @@

 ArenaImpl::~ArenaImpl()
 {
-  PL_FinishArenaPool(&mPool);
+  if (mInitialized)
+    PL_FinishArenaPool(&mPool);
 }

 NS_IMETHODIMP_(void*)
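
Review bot: the new guard in ~ArenaImpl() is an unbraced if with its body on the next line; add braces so that a later second statement (such as the flag reset proposed in comment 1) cannot end up outside the condition by accident. The guard also covers only the destructor, so check whether the other methods that use mPool need the same mInitialized test when they are called before Init().
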
Index: nsArena.h
===================================================================
RCS file: /cvsroot/mozilla/xpcom/ds/nsArena.h,v
retrieving revision 1.2
diff -u -r1.2 nsArena.h
--- nsArena.h   1999/07/28 08:27:38     1.2
+++ nsArena.h   1999/07/31 06:51:07
@@ -42,6 +42,10 @@
 protected:
   PLArenaPool mPool;
   PRUint32 mBlockSize;
+
+private:
+  PRBool mInitialized;
+
 };

 #endif // nsArena_h__
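
Review bot: mInitialized is declared private while mPool and mBlockSize stay protected, so a subclass that touches mPool directly cannot tell whether the pool was ever initialized. Consider declaring it next to mPool under protected, with a one-line comment saying it is set by Init(), and drop the blank line left before the closing };.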

Updated

19 years ago
Assignee: dp → scc
(Reporter)

Comment 1

19 years ago
oops...

-  PL_FinishArenaPool(&mPool);
+  if (mInitialized)
+    PL_FinishArenaPool(&mPool);

that should be
-  PL_FinishArenaPool(&mPool);
+  if (mInitialized)
+    PL_FinishArenaPool(&mPool);
+
+  mInitialized = PR_FALSE;
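
Review bot: the added mInitialized = PR_FALSE; at the end of the destructor has no lasting effect, because the member stops existing once ~ArenaImpl() returns, so it does not make a second destruction or a later use of the object safe. Either drop it or, if the intent is to allow tearing the pool down and calling Init() again, move the finish-and-reset into a separate method that the destructor calls.
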
(Assignee)

Updated

19 years ago
Status: NEW → ASSIGNED

Comment 2

19 years ago
Shouldn't this be critical severity, since it crashes?

Comment 3

19 years ago
I thought I fixed this a while back. Maybe it never got checked in.
Someone should verify.
(Assignee)

Updated

19 years ago
Target Milestone: M9
(Assignee)

Updated

19 years ago
Priority: P3 → P1
(Assignee)

Comment 4

19 years ago
This is a crasher; it needs to be a high priority.
(Assignee)

Updated

19 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED
(Reporter)

Updated

19 years ago
Status: RESOLVED → VERIFIED