Closed
Bug 127806
Opened 23 years ago
Closed 23 years ago
FMM: freeing mismatched mem in nsFSURLEncoded::URLEncode
Categories
(Core :: DOM: Core & HTML, defect, P1)
Tracking
()
VERIFIED
FIXED
mozilla1.0
People
(Reporter: jrgmorrison, Assigned: john)
Details
this is bug 114356, redux.
Same steps: "I get the FMM just from submitting the form on
http://cowtools/page-loader/loader.pl, but that is a very vanilla form,
so I assume any form would do for testing."
Marking nsbeta1, as the other bug was nsbeta1+.
Output of purify (total of 8 occurences from a signal submit button push).
----------------------------------------------------------------------
[E] FMM: Freeing mismatched memory in free {3 occurrences}
Address 0x0944dfe8 points into a C++ new block in heap 0x02cb0000
Location of free attempt
free [msvcrt.DLL]
PR_Free [prmem.c:430]
nsFSURLEncoded::URLEncode(nsAString const&,nsCString&)
[nsFormSubmission.cpp:347]
char* convertedBuf = nsLinebreakConverter::ConvertLineBreaks(inBuf,
nsLinebreakConverter::eLinebreakAny,
nsLinebreakConverter::eLinebreakNet);
=> nsMemory::Free(inBuf);
char* escapedBuf = nsEscape(convertedBuf, url_XPAlphas);
nsMemory::Free(convertedBuf);
nsHTMLSelectElement::SubmitNamesValues(nsIFormSubmission *,nsIContent *)
[nsHTMLSelectElement.cpp:2033]
nsHTMLFormElement::WalkFormElements(nsIFormSubmission *,nsIContent *)
[nsHTMLFormElement.cpp:840]
nsHTMLFormElement::DoSubmit(nsIPresContext *,nsEvent *)
[nsHTMLFormElement.cpp:652]
nsHTMLFormElement::DoSubmitOrReset(nsIPresContext *,nsEvent *,int)
[nsHTMLFormElement.cpp:607]
nsHTMLFormElement::HandleDOMEvent(nsIPresContext *,nsEvent *,nsIDOMEvent *
*,UINT,nsEventStatus *) [nsHTMLFormElement.cpp:569]
PresShell::HandleEventInternal(nsEvent *,nsIView *,UINT,nsEventStatus *)
[nsPresShell.cpp:6003]
PresShell::HandleEventWithTarget(nsEvent *,nsIFrame *,nsIContent
*,UINT,nsEventStatus *) [nsPresShell.cpp:5972]
Allocation location
new(UINT) [msvcrt.DLL]
nsFormSubmission::UnicodeToNewBytes(WORD const*,UINT,nsIUnicodeEncoder *)
[nsFormSubmission.cpp:947]
return nsnull;
}
=> res = new char[maxByteLen+1];
if (res) {
PRInt32 reslen = maxByteLen;
PRInt32 reslen2;
nsFormSubmission::EncodeVal(nsAString const&) [nsFormSubmission.cpp:983]
nsFSURLEncoded::URLEncode(nsAString const&,nsCString&)
[nsFormSubmission.cpp:337]
nsHTMLSelectElement::SubmitNamesValues(nsIFormSubmission *,nsIContent *)
[nsHTMLSelectElement.cpp:2033]
nsHTMLFormElement::WalkFormElements(nsIFormSubmission *,nsIContent *)
[nsHTMLFormElement.cpp:840]
nsHTMLFormElement::DoSubmit(nsIPresContext *,nsEvent *)
[nsHTMLFormElement.cpp:652]
nsHTMLFormElement::DoSubmitOrReset(nsIPresContext *,nsEvent *,int)
[nsHTMLFormElement.cpp:607]
nsHTMLFormElement::HandleDOMEvent(nsIPresContext *,nsEvent *,nsIDOMEvent *
*,UINT,nsEventStatus *) [nsHTMLFormElement.cpp:569]
PresShell::HandleEventInternal(nsEvent *,nsIView *,UINT,nsEventStatus *)
[nsPresShell.cpp:6003]
Comment 1•23 years ago
|
||
nsbeta1+
Assignee | ||
Comment 2•23 years ago
|
||
fixed with bug 117422. There are no similar bugs in the file that I can see.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Updated•6 years ago
|
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•