Mismatched free() / delete / delete [] at nsVoidArray::~nsVoidArray(void)

RESOLVED WORKSFORME


Core
XPCOM
16 years ago
16 years ago

People

(Reporter: Peter A Jonsson, Assigned: Masaki Katakai)

Tracking

Trunk
x86
Linux

(Reporter)

Description

16 years ago
How to reproduce: Start mozilla and quit with ^q.

==31521== Mismatched free() / delete / delete []
==31521==    at 0x404CED0A: nsVoidArray::~nsVoidArray(void) (nsVoidArray.cpp:362)
==31521==    by 0x40574978: ??? (../../dist/include/string/nsBufferHandle.h:399)
==31521==    by 0x450E430C: ??? (nsFontMetricsGTK.cpp:632)
==31521==    by 0x450C056D: FreeNodeArray(nsHashKey *, void *, void *) (nsFontMetricsGTK.cpp:710)
==31521==    by 0x404B725A: _hashEnumerateRemove(PLHashEntry *, int, void *) (nsHashtable.cpp:371)
==31521==    by 0x405EB31A: PL_HashTableEnumerateEntries (plhash.c:429)
==31521==    by 0x404B731B: nsHashtable::Reset(int (*)(nsHashKey *, void *, void *), void *) (nsHashtable.cpp:390)
==31521==    by 0x450C07DD: FreeGlobals(void) (nsFontMetricsGTK.cpp:765)
==31521==    by 0x450C2CD5: nsFontMetricsGTK::~nsFontMetricsGTK(void) (nsFontMetricsGTK.cpp:1200)
==31521==    by 0x450C2E89: nsFontMetricsGTK::Release(void) (nsFontMetricsGTK.cpp:1204)
==31521==    Address 0x49944468 is 0 bytes inside a block of size 48 alloc'd
==31521==    at 0x4004519B: malloc (vg_clientfuncs.c:100)
==31521==    by 0x450DC7DC: ??? (../../gcc-2.95.3/gcc/cp/new1.cc:78)
==31521==    by 0x450CAFF8: nsFontMetricsGTK::TryNodes(nsACString &, unsigned short) (nsFontMetricsGTK.cpp:4148)
==31521==    by 0x450CDB29: nsFontMetricsGTK::FindLangGroupFont(nsIAtom *, unsigned short, nsCString *) (nsFontMetricsGTK.cpp:4729)
==31521==    by 0x450CB647: nsFontMetricsGTK::TryLangGroup(nsIAtom *, nsCString *, unsigned short) (nsFontMetricsGTK.cpp:4233)
==31521==    by 0x450CB799: nsFontMetricsGTK::TryFamily(nsCString *, unsigned short) (nsFontMetricsGTK.cpp:4251)
==31521==    by 0x450CBD69: nsFontMetricsGTK::FindStyleSheetSpecificFont(unsigned short) (nsFontMetricsGTK.cpp:4349)
==31521==    by 0x450CDDDF: nsFontMetricsGTK::FindFont(unsigned short) (nsFontMetricsGTK.cpp:4773)
==31521==    by 0x450C3937: nsFontMetricsGTK::Init(nsFont const &, nsIAtom *, nsIDeviceContext *) (nsFontMetricsGTK.cpp:1353)
==31521==    by 0x403158A2: nsFontCache::GetMetricsFor(nsFont const &, nsIAtom *, nsIFontMetrics *&) (nsDeviceContext.cpp:616)

Comment 1

16 years ago
->me
Assignee: dougt → neeti
Summary: Mismatched free() / delete / delete [] at nsVoidArray::~nsVoidArray(void) → Mismatched free() / delete / delete [] at nsVoidArray::~nsVoidArray(void)

Comment 2

16 years ago
The leak is happening in FreeNodeArray(..) in nsFontMetricsGTK.cpp. Reassigning
to bstell.

Assignee: neeti → bstell

Comment 3

16 years ago
I have no idea how to read the information in the initial comment.
However, am I correct that the alloc is here:

> ==31521==    Address 0x49944468 is 0 bytes inside a block of size 48 alloc'd
> ==31521==    at 0x4004519B: malloc (vg_clientfuncs.c:100)
> ==31521==    by 0x450DC7DC: ??? (../../gcc-2.95.3/gcc/cp/new1.cc:78)
> ==31521==    by 0x450CAFF8: nsFontMetricsGTK::TryNodes(nsACString &, unsigned short) (nsFontMetricsGTK.cpp:4148)

ie: 4148                      nodes = new nsFontNodeArray;

and the dealloc is here:

> ==31521== Mismatched free() / delete / delete []
> ==31521==    at 0x404CED0A: nsVoidArray::~nsVoidArray(void) (nsVoidArray.cpp:362)
> ==31521==    by 0x40574978: ??? (../../dist/include/string/nsBufferHandle.h:399)
> ==31521==    by 0x450E430C: ??? (nsFontMetricsGTK.cpp:632)
> ==31521==    by 0x450C056D: FreeNodeArray(nsHashKey *, void *, void *) (nsFontMetricsGTK.cpp:710)

ie: 710                  delete nodes;



Comment 4

16 years ago
->ftang
Assignee: bstell → ftang
(Reporter)

Comment 5

16 years ago
You are correct in your assumption about where the alloc and dealloc are. Most
likely it is some member of nsFontNodeArray that is causing the warning to
appear. It is not necessarily a leak; it could be free() being used on memory
that is allocated with new.

Comment 6

16 years ago
katakai- can you help to fix this one too?
Assignee: ftang → katakai
(Assignee)

Updated

16 years ago
Status: NEW → ASSIGNED
(Reporter)

Comment 7

16 years ago
I did a long test run of mozilla on 21/7, and I can no longer reproduce this. I
believe this was due to some string-fixes checked in quite a while ago. Closing
this with worksforme.

Log is at http://www.ludd.luth.se/~pj/mozilla/valgrind/valgrind.out.long.0721
Status: ASSIGNED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → WORKSFORME
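
How the report in the Description splits into the two stacks discussed in Comments 3 and 5, as an added example (not part of the bug thread or of Mozilla's code): frames before the "Address ... alloc'd" line are the release path, frames after it are the allocation path. The helper names `parse_mismatch` and `first_named_frame` are hypothetical, and the sample is an excerpt of the report above with wrapped lines rejoined.

```python
import re

# Excerpt of the memcheck report from the Description (wrapped lines rejoined).
REPORT = """\
==31521== Mismatched free() / delete / delete []
==31521==    at 0x404CED0A: nsVoidArray::~nsVoidArray(void) (nsVoidArray.cpp:362)
==31521==    by 0x40574978: ??? (../../dist/include/string/nsBufferHandle.h:399)
==31521==    by 0x450E430C: ??? (nsFontMetricsGTK.cpp:632)
==31521==    by 0x450C056D: FreeNodeArray(nsHashKey *, void *, void *) (nsFontMetricsGTK.cpp:710)
==31521==    Address 0x49944468 is 0 bytes inside a block of size 48 alloc'd
==31521==    at 0x4004519B: malloc (vg_clientfuncs.c:100)
==31521==    by 0x450DC7DC: ??? (../../gcc-2.95.3/gcc/cp/new1.cc:78)
==31521==    by 0x450CAFF8: nsFontMetricsGTK::TryNodes(nsACString &, unsigned short) (nsFontMetricsGTK.cpp:4148)
"""

# A stack frame: "at|by <addr>: <function> (<file>:<line>)"
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.*) \(([^()]+):(\d+)\)$")
BLOCK = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is \d+ bytes inside a block of size (\d+) alloc'd$")

def parse_mismatch(report):
    """Split one 'Mismatched free' error into its release and allocation stacks."""
    result = {"free_stack": [], "alloc_stack": [], "block_size": None}
    current = result["free_stack"]           # frames before the 'Address' line
    for line in report.splitlines():
        block = BLOCK.match(line)
        if block:
            result["block_size"] = int(block.group(1))
            current = result["alloc_stack"]  # frames after it: where the block came from
            continue
        frame = FRAME.match(line)
        if frame:
            current.append((frame.group(1), frame.group(2), int(frame.group(3))))
    return result

def first_named_frame(stack, source_file):
    """Innermost frame with a resolved symbol ('???' skipped) in the given source file."""
    return next((f for f in stack
                 if f[0] != "???" and f[1].endswith(source_file)), None)

if __name__ == "__main__":
    r = parse_mismatch(REPORT)
    print("released at: ", first_named_frame(r["free_stack"], "nsFontMetricsGTK.cpp"))
    print("allocated at:", first_named_frame(r["alloc_stack"], "nsFontMetricsGTK.cpp"))
```
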