Closed Bug 1417417 Opened 7 years ago Closed 7 years ago

[Static Analysis][Resource Leak] In functions where treeOp might fail

Categories

(Core :: DOM: HTML Parser, defect, P2)

defect

Tracking

()

RESOLVED FIXED
mozilla59
Tracking Status
firefox59 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1421178)

Attachments

(1 file)

The Static Analysis tool Coverity detected that if allocation for |treeOp| fails a memory leak might occur, like in this context: >> char16_t* bufferCopy = new (mozilla::fallible) char16_t[aLength]; >> if (!bufferCopy) { >> // Just assigning mBroken instead of generating tree op. The caller >> // of tokenizeBuffer() will call MarkAsBroken() as appropriate. >> mBroken = NS_ERROR_OUT_OF_MEMORY; >> requestSuspension(); >> return; >> } >> >> memcpy(bufferCopy, aBuffer, aLength * sizeof(char16_t)); >> >> nsHtml5TreeOperation* treeOp = mOpQueue.AppendElement(mozilla::fallible); >> if (MOZ_UNLIKELY(!treeOp)) { >> MarkAsBrokenAndRequestSuspensionWithoutBuilder(NS_ERROR_OUT_OF_MEMORY); >> delete[] bufferCopy; >> return; >> } >> treeOp->Init(eTreeOpAppendText, bufferCopy, aLength, >> deepTreeSurrogateParent ? deepTreeSurrogateParent : aParent);
Comment on attachment 8928498 [details] Bug 1417417 - use UniquePtr for bufferCopy to prevent memory leak when treeOp is null. https://reviewboard.mozilla.org/r/199754/#review204850 ::: parser/html/nsHtml5TreeBuilderCppSupplement.h:612 (Diff revision 1) > memcpy(bufferCopy, aBuffer, aLength * sizeof(char16_t)); > > nsHtml5TreeOperation* treeOp = mOpQueue.AppendElement(mozilla::fallible); > if (MOZ_UNLIKELY(!treeOp)) { > MarkAsBrokenAndRequestSuspensionWithoutBuilder(NS_ERROR_OUT_OF_MEMORY); > + delete[] bufferCopy; Instead of calling `delete[]` manually, please make `bufferCopy` use a `UniquePtr` and allocate the buffer with `MakeUniqueFallible` as [seen elsewhere in the parser](https://searchfox.org/mozilla-central/source/parser/html/nsHtml5StreamParser.cpp#815).
Attachment #8928498 - Flags: review?(hsivonen) → review-
Priority: -- → P2
Comment on attachment 8928498 [details] Bug 1417417 - use UniquePtr for bufferCopy to prevent memory leak when treeOp is null. https://reviewboard.mozilla.org/r/199754/#review204878 Thank you!
Attachment #8928498 - Flags: review?(hsivonen) → review+
Pushed by bpostelnicu@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/34e43107b2f6 use UniquePtr for bufferCopy to prevent memory leak when treeOp is null. r=hsivonen
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: