Closed
Bug 1598082
Opened 5 years ago
Closed 5 years ago
ModuleObject::instantiateFunctionDeclarations should be clearer about ownership of |funDecls|
Categories
(Core :: JavaScript Engine, task, P3)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla72
Tracking | Status | |
---|---|---|
firefox72 | --- | fixed |
People
(Reporter: Waldo, Assigned: Waldo)
Details
Attachments
(1 file)
ModuleObject::instantiateFunctionDeclarations
grabs an owning funDecls
pointer, iterates through its contents filling in stuff in the actual module environment, then frees funDecls
and returns. But that filling-in process can fail. (I don't remember module semantics enough to know if this is triggerable other than by OOM.) And if it does, funDecls
will never be freed.
Comment 1•5 years ago
|
||
(In reply to Jeff Walden [:Waldo] from comment #0)
But that filling-in process can fail.
In that case the pointer is freed by the module object's finalizer: https://searchfox.org/mozilla-central/source/js/src/builtin/ModuleObject.cpp#780-783
Updated•5 years ago
|
Priority: -- → P3
Assignee | ||
Comment 2•5 years ago
|
||
Oh, bah -- that finalizer relationship is not horribly clear when you read this. Let's add some comments.
Summary: ModuleObject::instantiateFunctionDeclarations leaks |funDecls| in some failure cases → ModuleObject::instantiateFunctionDeclarations should be clearer about ownership of |funDecls|
Assignee | ||
Comment 3•5 years ago
|
||
Updated•5 years ago
|
Assignee: nobody → jwalden
Pushed by jwalden@mit.edu: https://hg.mozilla.org/integration/autoland/rev/73eab6e12fdb Add comments to |ModuleObject::instantiateFunctionDeclarations| clarifying ownership of |funDecls|. r=jonco
Comment 5•5 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox72:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
You need to log in
before you can comment on or make changes to this bug.
Description
•