Closed Bug 1417417 Opened 2 years ago Closed 2 years ago

[Static Analysis][Resource Leak] In functions where treeOp might fail

Categories

(Core :: DOM: HTML Parser, defect, P2)

RESOLVED FIXED
mozilla59
Tracking Status
firefox59 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1421178)

Attachments

(1 file)

The Static Analysis tool Coverity detected that if allocation for |treeOp| fails, a memory leak might occur, like in this context:

>>  char16_t* bufferCopy = new (mozilla::fallible) char16_t[aLength];
>>  if (!bufferCopy) {
>>    // Just assigning mBroken instead of generating tree op. The caller
>>    // of tokenizeBuffer() will call MarkAsBroken() as appropriate.
>>    mBroken = NS_ERROR_OUT_OF_MEMORY;
>>    requestSuspension();
>>    return;
>>  }
>>
>>  memcpy(bufferCopy, aBuffer, aLength * sizeof(char16_t));
>>
>>  nsHtml5TreeOperation* treeOp = mOpQueue.AppendElement(mozilla::fallible);
>>  if (MOZ_UNLIKELY(!treeOp)) {
>>    MarkAsBrokenAndRequestSuspensionWithoutBuilder(NS_ERROR_OUT_OF_MEMORY);
>>    delete[] bufferCopy;
>>    return;
>>  }
>>  treeOp->Init(eTreeOpAppendText, bufferCopy, aLength,
>>      deepTreeSurrogateParent ? deepTreeSurrogateParent : aParent);

Comment on attachment 8928498
Bug 1417417 - use UniquePtr for bufferCopy to prevent memory leak when treeOp is null.

https://reviewboard.mozilla.org/r/199754/#review204850

::: parser/html/nsHtml5TreeBuilderCppSupplement.h:612
(Diff revision 1)
>    memcpy(bufferCopy, aBuffer, aLength * sizeof(char16_t));
>  
>    nsHtml5TreeOperation* treeOp = mOpQueue.AppendElement(mozilla::fallible);
>    if (MOZ_UNLIKELY(!treeOp)) {
>      MarkAsBrokenAndRequestSuspensionWithoutBuilder(NS_ERROR_OUT_OF_MEMORY);
> +    delete[] bufferCopy;
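Review bot: the `delete[] bufferCopy;` added in the `!treeOp` branch frees the buffer on this one exit only, so any early return added later between the allocation and `treeOp->Init(...)` has to repeat the cleanup by hand. If the buffer is moved to an owning pointer instead, the success path has to give up ownership at the point where the pointer is passed to `Init`, since that call receives the raw pointer; otherwise the buffer would be freed at scope exit while the tree op still refers to it.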

Instead of calling `delete[]` manually, please make `bufferCopy` use a `UniquePtr` and allocate the buffer with `MakeUniqueFallible` as [seen elsewhere in the parser](https://searchfox.org/mozilla-central/source/parser/html/nsHtml5StreamParser.cpp#815).
Attachment #8928498 - Flags: review?(hsivonen) → review-
Priority: -- → P2
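The ownership pattern requested in the review above, as an added example that is not the Firefox patch or code from this bug. It uses `std::unique_ptr` and `new (std::nothrow)` as standard-library stand-ins for `UniquePtr` and `MakeUniqueFallible`; `TextOp`, `OpQueue`, `AppendText` and the live-buffer counter are hypothetical names.

```cpp
#include <cstddef>
#include <cstring>
#include <memory>
#include <new>
#include <vector>

static int g_liveBuffers = 0;  // constructed instrumentation: copies not yet freed

struct CountingDelete {  // frees a copy and records that it was freed
  void operator()(char16_t* p) const { delete[] p; --g_liveBuffers; }
};
using OwnedText = std::unique_ptr<char16_t[], CountingDelete>;

// Hypothetical stand-in for a tree op that owns the raw buffer passed to it.
struct TextOp {
  char16_t* buf = nullptr;
  std::size_t len = 0;
  ~TextOp() { if (buf) CountingDelete{}(buf); }
};

// Hypothetical stand-in for an op queue whose append can fail.
struct OpQueue {
  std::vector<std::unique_ptr<TextOp>> ops;
  bool failNextAppend = false;  // simulates allocation failure in the queue
  TextOp* AppendFallible() {
    if (failNextAppend) return nullptr;
    ops.push_back(std::make_unique<TextOp>());
    return ops.back().get();
  }
};

// Copies the text and queues it. Returns false on allocation failure;
// no return path leaves the copy without an owner.
bool AppendText(OpQueue& q, const char16_t* src, std::size_t len) {
  OwnedText copy(new (std::nothrow) char16_t[len]);
  if (!copy) return false;
  ++g_liveBuffers;
  std::memcpy(copy.get(), src, len * sizeof(char16_t));
  TextOp* op = q.AppendFallible();
  if (!op) return false;     // copy's destructor frees the buffer here
  op->buf = copy.release();  // success: ownership moves to the queued op
  op->len = len;
  return true;
}

int main() {
  OpQueue q;
  q.failNextAppend = true;
  AppendText(q, u"abc", 3);  // failed append, buffer still freed
  return g_liveBuffers == 0 ? 0 : 1;
}
```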
Comment on attachment 8928498
Bug 1417417 - use UniquePtr for bufferCopy to prevent memory leak when treeOp is null.

https://reviewboard.mozilla.org/r/199754/#review204878

Thank you!
Attachment #8928498 - Flags: review?(hsivonen) → review+
Pushed by bpostelnicu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/34e43107b2f6
use UniquePtr for bufferCopy to prevent memory leak when treeOp is null. r=hsivonen
https://hg.mozilla.org/mozilla-central/rev/34e43107b2f6
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59