Open Bug 1450476 Opened 7 years ago Updated 2 years ago

LSan: Indirect leak of 4096 bytes in [@ nsHtml5TreeBuilder]

Tracking

()

Status:

NEW

Tracking Flags:

Tracking

Status

firefox-esr68

---

affected

firefox61

---

wontfix

firefox68

---

wontfix

firefox69

---

affected

firefox70

---

affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 3 open bugs)

Details

(Keywords: memory-leak, testcase)

Attachments

(3 files, 1 obsolete file)

testcase.html 7 years ago Tyson Smith [:tsmith] 319 bytes, text/html		Details
lsan.txt 7 years ago Tyson Smith [:tsmith] 2.63 KB, text/plain		Details
testcase.html 5 years ago Tyson Smith [:tsmith] 328 bytes, text/html		Details
bloatview.log 5 years ago Tyson Smith [:tsmith] 1.57 KB, text/plain		Details

Tyson Smith [:tsmith]

Reporter

Description

•

7 years ago

Attached file testcase.html (obsolete) — Details

Indirect leak of 4096 byte(s) in 1 object(s) allocated from: #0 0x4c1c93 in malloc /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3 #1 0x4f26fd in moz_xmalloc src/memory/mozalloc/mozalloc.cpp:70:17 #2 0x7fcdbf556ad1 in operator new[] src/obj-firefox/dist/include/mozilla/mozalloc.h:168:12 #3 0x7fcdbf556ad1 in nsHtml5TreeBuilder src/parser/html/nsHtml5TreeBuilderCppSupplement.h:51 #4 0x7fcdbf556ad1 in nsHtml5StreamParser::nsHtml5StreamParser(nsHtml5TreeOpExecutor*, nsHtml5Parser*, eParserMode) src/parser/html/nsHtml5StreamParser.cpp:155 #5 0x7fcdbf54ce7a in nsHtml5Parser::MarkAsNotScriptCreated(char const*) src/parser/html/nsHtml5Parser.cpp:608:35 #6 0x7fcdc384063e in nsHTMLDocument::StartDocumentLoad(char const*, nsIChannel*, nsILoadGroup*, nsISupports*, nsIStreamListener**, bool, nsIContentSink*) src/dom/html/nsHTMLDocument.cpp #7 0x7fcdc6123b1a in nsContentDLF::CreateDocument(char const*, nsIChannel*, nsILoadGroup*, nsIDocShell*, nsID const&, nsIStreamListener**, nsIContentViewer**) src/layout/build/nsContentDLF.cpp:364:13 #8 0x7fcdc61230ee in nsContentDLF::CreateInstance(char const*, nsIChannel*, nsILoadGroup*, nsTSubstring<char> const&, nsIDocShell*, nsISupports*, nsIStreamListener**, nsIContentViewer**) src/layout/build/nsContentDLF.cpp #9 0x7fcdc06d0ac9 in nsExternalResourceMap::PendingLoad::SetupViewer(nsIRequest*, nsIContentViewer**, nsILoadGroup**) src/dom/base/nsDocument.cpp:1103:26 #10 0x7fcdc06cfc26 in nsExternalResourceMap::PendingLoad::OnStartRequest(nsIRequest*, nsISupports*) src/dom/base/nsDocument.cpp:1031:17 #11 0x7fcdbd81bd2c in nsBaseChannel::OnStartRequest(nsIRequest*, nsISupports*) src/netwerk/base/nsBaseChannel.cpp:859:25 #12 0x7fcdbd86e403 in nsInputStreamPump::OnStateStart() src/netwerk/base/nsInputStreamPump.cpp:526:25 #13 0x7fcdbd86da79 in nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) src/netwerk/base/nsInputStreamPump.cpp:429:25 #14 0x7fcdbd633042 in nsInputStreamReadyEvent::Run() src/xpcom/io/nsStreamUtils.cpp:102:20 #15 0x7fcdbd6a2758 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1096:14 #16 0x7fcdbd6beac0 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:519:10 #17 0x7fcdbe58a59a in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:97:21 #18 0x7fcdbe4dd919 in RunInternal src/ipc/chromium/src/base/message_loop.cc:326:10 #19 0x7fcdbe4dd919 in RunHandler src/ipc/chromium/src/base/message_loop.cc:319 #20 0x7fcdbe4dd919 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:299 #21 0x7fcdc5098f0a in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:157:27 #22 0x7fcdc9114a0b in nsAppStartup::Run() src/toolkit/components/startup/nsAppStartup.cpp:290:30 #23 0x7fcdc931ed3c in XREMain::XRE_mainRun() src/toolkit/xre/nsAppRunner.cpp:4766:22 #24 0x7fcdc9321e76 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4911:8 #25 0x7fcdc9323334 in XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5003:21 #26 0x4f168b in do_main src/browser/app/nsBrowserApp.cpp:231:22 #27 0x4f168b in main src/browser/app/nsBrowserApp.cpp:304 #28 0x7fcddd8aa82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291

Tyson Smith [:tsmith]

Reporter

Comment 1

•

7 years ago

Attached file lsan.txt — Details

Suppressions file

(no longer active)

Updated

•

6 years ago

Priority: -- → P3

Tyson Smith [:tsmith]

Reporter

Updated

•

6 years ago

Blocks: leak-fuzz

Tyson Smith [:tsmith]

Reporter

Comment 2

•

5 years ago

Attached file testcase.html — Details

Attachment #8964130 - Attachment is obsolete: true

Tyson Smith [:tsmith]

Reporter

Comment 3

•

5 years ago

Attached file bloatview.log — Details

Tyson Smith [:tsmith]

Reporter

Updated

•

5 years ago

status-firefox61: affected → wontfix

status-firefox68: --- → wontfix

status-firefox69: --- → affected

status-firefox70: --- → affected

status-firefox-esr68: --- → affected

Flags: in-testsuite?

Andrew McCreight [:mccr8]

Updated

•

5 years ago

Attachment #9080226 - Attachment mime type: application/octet-stream → text/plain

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

Takanori MATSUURA

Updated

•

2 years ago

Blocks: LSan

You need to log in before you can comment on or make changes to this bug.

Bugzilla

LSan: Indirect leak of 4096 bytes in [@ nsHtml5TreeBuilder]

Categories

(Core :: DOM: HTML Parser, defect, P3)

Tracking

()

People

(Reporter: tsmith, Unassigned)

References

(Blocks 3 open bugs)

Details

(Keywords: memory-leak, testcase)

Crash Data

Security

(public)

User Story

Attachments

(3 files, 1 obsolete file)

Description

Comment 1

Updated

Updated

Comment 2

Comment 3

Updated

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type