Bug 1417417
Opened 7 years ago
Closed 7 years ago
[Static Analysis][Resource Leak] In functions where treeOp might fail
Categories
(Core :: DOM: HTML Parser, defect, P2)
RESOLVED
FIXED
mozilla59
| | Tracking | Status |
|---|---|---|
| firefox59 | --- | fixed |
People
(Reporter: andi, Assigned: andi)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: CID 1421178)
Attachments
(1 file)
The Static Analysis tool Coverity detected that if allocation for |treeOp| fails a memory leak might occur, like in this context:
>> char16_t* bufferCopy = new (mozilla::fallible) char16_t[aLength];
>> if (!bufferCopy) {
>>   // Just assigning mBroken instead of generating tree op. The caller
>>   // of tokenizeBuffer() will call MarkAsBroken() as appropriate.
>>   mBroken = NS_ERROR_OUT_OF_MEMORY;
>>   requestSuspension();
>>   return;
>> }
>>
>> memcpy(bufferCopy, aBuffer, aLength * sizeof(char16_t));
>>
>> nsHtml5TreeOperation* treeOp = mOpQueue.AppendElement(mozilla::fallible);
>> if (MOZ_UNLIKELY(!treeOp)) {
>>   MarkAsBrokenAndRequestSuspensionWithoutBuilder(NS_ERROR_OUT_OF_MEMORY);
>>   delete[] bufferCopy;
>>   return;
>> }
>> treeOp->Init(eTreeOpAppendText, bufferCopy, aLength,
>>              deepTreeSurrogateParent ? deepTreeSurrogateParent : aParent);
Comment 2•7 years ago
Comment on attachment 8928498 [details]
Bug 1417417 - use UniquePtr for bufferCopy to prevent memory leak when treeOp is null.
https://reviewboard.mozilla.org/r/199754/#review204850
::: parser/html/nsHtml5TreeBuilderCppSupplement.h:612
(Diff revision 1)
> memcpy(bufferCopy, aBuffer, aLength * sizeof(char16_t));
>
> nsHtml5TreeOperation* treeOp = mOpQueue.AppendElement(mozilla::fallible);
> if (MOZ_UNLIKELY(!treeOp)) {
> MarkAsBrokenAndRequestSuspensionWithoutBuilder(NS_ERROR_OUT_OF_MEMORY);
> + delete[] bufferCopy;
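Review bot: in the `!treeOp` branch, the added `delete[] bufferCopy;` frees the copy on this one exit only. Nothing ties the buffer's lifetime to a scope, so any early return added later between the `memcpy` and the point where `bufferCopy` is handed to the tree op would need its own `delete[]`. Declaring an owning pointer at the allocation, and releasing it only at the hand-off, would cover every exit without per-branch cleanup.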
Instead of calling `delete[]` manually, please make `bufferCopy` use a `UniquePtr` and allocate the buffer with `MakeUniqueFallible` as [seen elsewhere in the parser](https://searchfox.org/mozilla-central/source/parser/html/nsHtml5StreamParser.cpp#815).
Attachment #8928498 - Flags: review?(hsivonen) → review-
Updated•7 years ago
Priority: -- → P2
Comment 4•7 years ago
Comment on attachment 8928498 [details]
Bug 1417417 - use UniquePtr for bufferCopy to prevent memory leak when treeOp is null.
https://reviewboard.mozilla.org/r/199754/#review204878
Thank you!
Attachment #8928498 - Flags: review?(hsivonen) → review+
Pushed by bpostelnicu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/34e43107b2f6
use UniquePtr for bufferCopy to prevent memory leak when treeOp is null. r=hsivonen
Comment 6•7 years ago
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
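The leak discussed in this bug next to the ownership pattern requested in review, as a self-contained added example (not the patch that landed and not Mozilla code). `std::unique_ptr` with `new (std::nothrow)` stands in for `mozilla::UniquePtr` and `MakeUniqueFallible`; `FakeOp`, `FakeQueue`, `gLive` and `gLastRaw` are hypothetical names, and that `Init()` takes ownership of the buffer is an assumption.

```cpp
// Added example. std::unique_ptr stands in for mozilla::UniquePtr; FakeOp and
// FakeQueue are hypothetical stand-ins for nsHtml5TreeOperation and mOpQueue.
#include <cstddef>
#include <cstring>
#include <memory>
#include <new>

static int gLive = 0;                 // copies allocated and not yet freed
static char16_t* gLastRaw = nullptr;  // demo only: lets a caller reclaim a leak
struct BufferDeleter { void operator()(char16_t* p) const { delete[] p; --gLive; } };
using Buffer = std::unique_ptr<char16_t[], BufferDeleter>;

// Fallible copy: returns an empty Buffer on OOM instead of throwing.
Buffer CopyFallible(const char16_t* src, size_t len) {
  char16_t* raw = new (std::nothrow) char16_t[len];
  if (!raw) return Buffer();
  std::memcpy(raw, src, len * sizeof(char16_t));
  ++gLive; gLastRaw = raw;
  return Buffer(raw);
}

// Assumption: Init() takes ownership of the text and frees it with the op.
struct FakeOp { Buffer mText; void Init(char16_t* t) { mText.reset(t); } };
struct FakeQueue {                    // append can be forced to fail
  bool failNext = false;
  FakeOp slot;
  FakeOp* AppendElement() { return failNext ? nullptr : &slot; }
};

// Shape before the patch: raw pointer, failure branch returns without freeing.
bool AppendTextLeaky(FakeQueue& q, const char16_t* s, size_t n) {
  char16_t* copy = CopyFallible(s, n).release();
  if (!copy) return false;
  FakeOp* op = q.AppendElement();
  if (!op) return false;              // leak: nothing owns `copy` any more
  op->Init(copy);
  return true;
}

// Owning pointer: freed on every early return, release()d only at hand-off.
bool AppendTextOwned(FakeQueue& q, const char16_t* s, size_t n) {
  Buffer copy = CopyFallible(s, n);
  if (!copy) return false;
  FakeOp* op = q.AppendElement();
  if (!op) return false;              // `copy` is destroyed here, buffer freed
  op->Init(copy.release());
  return true;
}
```

With `failNext` set, `AppendTextLeaky` leaves `gLive` at 1 while `AppendTextOwned` leaves it at 0; on success the buffer stays live because the op owns it.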