Bug 1605254 (Closed): Deferred parser allocation leaks BigInt if dead code elimination deletes parse node
Opened 4 years ago, closed 4 years ago
Categories: Core :: JavaScript Engine, defect, P1
Status: RESOLVED FIXED, target milestone mozilla73

Release | Tracking | Status
---|---|---
firefox-esr68 | --- | unaffected
firefox71 | --- | wontfix
firefox72 | --- | wontfix
firefox73 | --- | fixed

People: Reporter: mgaudet, Assigned: mgaudet
References: Regression
Keywords: memory-leak, regression, testcase
Attachments: 2 files
+++ This bug was initially created as a clone of Bug #1604952 +++
128n
ASAN_OPTIONS=detect_leaks=1 $ ./dist/bin/js --fuzzing-safe --no-threads --no-baseline --no-ion --parser-deferred-alloc testcase.js
=================================================================
==18722==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 8 byte(s) in 1 object(s) allocated from:
Tested this on m-c rev f870bccd07ee.
Configure flags are:
AR=ar sh ./configure --enable-address-sanitizer --disable-jemalloc --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests
This is largely the exact same bug as 1604952.
Comment 1 (assignee) • 4 years ago
Depends on D57904
Updated • 4 years ago
Assignee: nobody → mgaudet
Status: NEW → ASSIGNED
Comment 2 (assignee) • 4 years ago
Depends on D57936
Comment 3 • 4 years ago
Can we land a test for this?
status-firefox71: --- → wontfix
status-firefox72: --- → wontfix
status-firefox-esr68: --- → unaffected
Flags: needinfo?(mgaudet)
Keywords: memory-leak
Pushed by mgaudet@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9ea8c50d1b1a
Move BigIntCreationData to Stencil.h r=tcampbell
https://hg.mozilla.org/integration/autoland/rev/e36e29c5bd6b
Change ownership of BigIntCreationData by holding them on frontend::ParseInfo r=tcampbell
Comment 5 (assignee) • 4 years ago
Good reminder; I did add a test to the landed patches.
Definitely wontfix for previous releases as this code path is dead without explicit opt in.
Flags: needinfo?(mgaudet)
Updated • 4 years ago
Flags: in-testsuite+
Comment 6 • 4 years ago
bugherder:
https://hg.mozilla.org/mozilla-central/rev/9ea8c50d1b1a
https://hg.mozilla.org/mozilla-central/rev/e36e29c5bd6b
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla73
Updated • 4 years ago
Has Regression Range: --- → yes