126104 - Memory leak of 3 bytes from 1 block allocated in nsHttpResponseHead::ParseStatusLine

Status: VERIFIED FIXED

(Core :: Networking: HTTP, defect, P1)

Description

[stephend@netscape.com (gone - use stephen.donner@gmail.com instead)]

Build ID: Windows 2000 latest trunk as of 6:30 pm today.

Summary: Memory leak of 3 bytes from 1 block allocated in 
nsHttpResponseHead::ParseStatusLine

Steps to Reproduce:

Just start up Mozilla with http://home.netscape.com as your start page.

    [W] MLK: Memory leak of 3 bytes from 1 block allocated in PL_strdup
        Distribution of leaked blocks
        Allocation location
        malloc         [MSVCRT.DLL]
        PL_strdup      [strdup.c:46]
        nsHttpResponseHead::ParseStatusLine(char *) [nsHttpResponseHead.cpp:161]
        
            if ((mVersion == NS_HTTP_VERSION_0_9) || !(line = PL_strchr
(line, ' '))) {
                mStatus = 200;
     =>         mStatusText = nsCRT::strdup("OK");
            }
            else {
                // Status-Code
        ???            [ip=0x08e53719]
        nsHttpTransaction::ParseLine(char *) [nsHttpTransaction.cpp:354]
            LOG(("nsHttpTransaction::ParseLine [%s]\n", line));
        
            if (!mHaveStatusLine) {
     =>         mResponseHead->ParseStatusLine(line);
                mHaveStatusLine = PR_TRUE;
                // XXX this should probably never happen
                if (mResponseHead->Version() == NS_HTTP_VERSION_0_9)
        ???            [ip=0x08b14a8c]
        nsHttpTransaction::ParseLineSegment(char *,UINT) 
[nsHttpTransaction.cpp:379]
                else {
                    // trim off the new line char and parse the line
                    mLineBuf.Truncate(mLineBuf.Length() - 1);
     =>             ParseLine(NS_CONST_CAST(char*,mLineBuf.get()));
                    // stuff the segment into the line buf
                    mLineBuf.Assign(segment, len);
                }
        nsHttpTransaction::ParseHead(char *,UINT,UINT *) 
[nsHttpTransaction.cpp:452]
                    len--;
        
                buf[len-1] = '\n';
     =>         ParseLineSegment(buf, len);
        
                if (mHaveAllHeaders)
                    return NS_OK;
        nsHttpTransaction::Read(char *,UINT,UINT *) [nsHttpTransaction.cpp:865]
            if (!mHaveAllHeaders) {
                PRUint32 bytesConsumed = 0;
        
     =>         rv = ParseHead(buf, count, &bytesConsumed);
                if (NS_FAILED(rv)) return rv;
        
                count -= bytesConsumed;
        nsReadFromInputStream [nsPipe2.cpp:845]
                              PRUint32 offset,
                              PRUint32 count,
                              PRUint32 *readCount)
     => {
            nsIInputStream* fromStream = (nsIInputStream*)closure;
            return fromStream->Read(toRawSegment, count, readCount);
        }
        nsPipe::nsPipeOutputStream::WriteSegments((*)(nsIOutputStream *,void 
*,char *,UINT,UINT,UINT *),void *,UINT,UINT *) [nsPipe2.cpp:721]
                    while (writeBufLen > 0) {
                        PRUint32 readCount = 0;
                        mon.Exit(); // XXX avoid deadlock better
     =>                 rv = reader(this, closure, writeBuf, *writeCount, 
writeBufLen, &readCount);
                        mon.Enter();
                        if (rv == NS_BASE_STREAM_WOULD_BLOCK) {
                            NS_ASSERTION(readCount <= writeBufLen, "reader 
returned bad readCount");
        nsPipe::nsPipeOutputStream::WriteFrom(nsIInputStream *,UINT,UINT *) 
[nsPipe2.cpp:854]
        nsPipe::nsPipeOutputStream::WriteFrom(nsIInputStream* fromStream,
                                              PRUint32 count,
                                              PRUint32 *writeCount)
     => {
            return WriteSegments(nsReadFromInputStream, fromStream, count, 
writeCount);
        }
        
        nsStreamListenerProxy::OnDataAvailable(nsIRequest *,nsISupports 
*,nsIInputStream *,UINT,UINT) [nsStreamListenerProxy.cpp:303]
                // that the pipe was emptied during this time, we retry copying 
data
                // into the pipe.
                //
     =>         rv = mPipeOut->WriteFrom(source, count, &bytesWritten);
        
                LOG(("nsStreamListenerProxy: Wrote data to pipe [rv=%x count=%u 
bytesWritten=%u req=%x]\n",
                    rv, count, bytesWritten, request));
        nsHttpTransaction::OnDataReadable(nsIInputStream *) 
[nsHttpTransaction.cpp:241]
        
            // let our listener try to read up to NS_HTTP_BUFFER_SIZE from us.
            rv = mListener->OnDataAvailable(this, nsnull, this,
     =>                                     mContentRead, NS_HTTP_BUFFER_SIZE);
        
            LOG(("nsHttpTransaction: listener returned [rv=%x]\n", rv));
        
        nsHttpConnection::OnDataAvailable(nsIRequest *,nsISupports 
*,nsIInputStream *,UINT,UINT) [nsHttpConnection.cpp:697]
                nsHttpHandler::get()->ProcessTransactionQ();
            }
        
     =>     nsresult rv = mTransaction->OnDataReadable(inputStream);
        
            LOG(("mTransaction->OnDataReadable() returned [rv=%x]\n", rv));
            return rv;
    nsSocketReadRequest::OnRead(void) [nsSocketTransport.cpp:2871]
                                            mContext,
                                            mInputStream,
                                            offset,
     =>                                     amount);
        
            LOG(("nsSocketReadRequest: listener returned [rv=%x]\n", rv));
        
    nsSocketTransport::doReadWrite(short) [nsSocketTransport.cpp:1077]
                        // we must not call out to our listener with the 
monitor held.  mReadRequest
                        // can only be cleared on this thread, so releasing the 
monitor should be safe.
                        PR_ExitMonitor(mMonitor);
     =>                 readStatus = mReadRequest->OnRead();
                        PR_EnterMonitor(mMonitor);
                        if (mReadRequest->IsSuspended()) {
                            mSelectFlags &= ~PR_POLL_READ;
    nsSocketTransport::Process(short) [nsSocketTransport.cpp:541]
                    LOG(("nsSocketTransport: Transport [host=%s:%d this=%x] "
                         "is in WaitReadWrite state [readtype=%x writetype=%x 
status=%x].\n",
                        mHostName, mPort, this, GetReadType(), GetWriteType(), 
mStatus));
     =>             mStatus = doReadWrite(aSelectFlags);
                    break;
        
                case eSocketState_Timeout:

Comment 1

[stephend@netscape.com (gone - use stephen.donner@gmail.com instead)]

This looks small, but I see this repeatedly all over the Purify logs and
sometimes it happens with greater byte counts. (20 bytes occasionally).

Comment 2

[Darin Fisher]

-> vinay

Comment 3

[Vinay Badami]

Attachment: to plug leak of nsHttpResponseHead resources

Call Reset from destructor of nsHttpResponseHead.
Have not been able to test patch under purify.

Comment 4

[Darin Fisher]

Comment on attachment 70712 [details] [diff] [review]
to plug leak of nsHttpResponseHead resources

sr=darin  whoops!!

Comment 5

[stephend@netscape.com (gone - use stephen.donner@gmail.com instead)]

Thanks, guys.  This fixes all nsHttp:ResponseHead leaks (status strings, too).  
Can't wait to see this land.

Comment 6

[Vinay Badami]

rpotss,bbaetz
Need a r on this please

Comment 7

[Gagan]

Comment on attachment 70712 [details] [diff] [review]
to plug leak of nsHttpResponseHead resources

r=gagan

Comment 8

[Asa Dotzler [:asa]]

a=asa (on behalf of drivers) for checkin to 0.9.9

Comment 9

[Vinay Badami]

Fixed with checkin 
D:\mozilla\netwerk\protocol\http\src>cvs commit nsHttpResponseHead.h
Checking in nsHttpResponseHead.h;
/cvsroot/mozilla/netwerk/protocol/http/src/nsHttpResponseHead.h,v  <--  nsHttpRe
sponseHead.h
new revision: 1.15; previous revision: 1.14
done

Comment 10

[stephend@netscape.com (gone - use stephen.donner@gmail.com instead)]

verified fixed (thanks, again).