FMM: Freeing mismatched memory; nsDiskCacheStreamIO mBuffer

VERIFIED FIXED

Status

()

Core
Networking: Cache
--
major
VERIFIED FIXED
15 years ago
15 years ago

People

(Reporter: John Morrison, Assigned: gordon)

Tracking

Trunk
x86
Windows 2000
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
I was running Purify and came across this FMM. 


[E] FMM: Freeing mismatched memory in delete(void *) {1 occurrence}
        Address 0x08dd1c58 points into a malloc'd block in heap 0x02cb0000

        Location of free attempt
            delete(void *) [msvcrt.DLL]
            nsDiskCacheStreamIO::Close(UINT) [nsDiskCacheStreams.obj:357]
            nsDiskCacheStreamIO::~nsDiskCacheStreamIO(void)
[nsDiskCacheStreams.obj:336]
            ???            [ip=0x08decb0c]
            nsDiskCacheStreamIO::`scalar deleting destructor'(UINT)
[nsDiskCacheStreams.obj]
            nsDiskCacheStreamIO::Release(void) [nsDiskCacheStreams.cpp:307]
                #pragma mark nsDiskCacheStreamIO
                #endif
                
             => NS_IMPL_THREADSAFE_ISUPPORTS1(nsDiskCacheStreamIO, nsIStreamIO);
                
                // we pick 16k as the max buffer size because that is the
threshold above which
                //      we are unable to store the data in the cache block files
            nsFileTransport::~nsFileTransport(void) [nsFileTransport.cpp:306]
            nsFileTransport::`scalar deleting destructor'(UINT) [necko.dll]
            nsFileTransport::Release(void) [nsFileTransport.cpp:312]
            nsOnStopRequestEvent::~nsOnStopRequestEvent(void)
[nsRequestObserverProxy.cpp:192]

        Allocation location
            malloc         [msvcrt.DLL]
            nsDiskCacheStreamIO::ReadCacheBlocks(void) [nsDiskCacheStreams.cpp:670]
                    if (!mBuffer) {
                        // allocate buffer
                        mBufSize  = bufSize;
             =>         mBuffer   = (char *) malloc(mBufSize);
                        if (!mBuffer) {
                            mBufSize = 0;
                            return NS_ERROR_OUT_OF_MEMORY;
            nsDiskCacheStreamIO::GetInputStream(nsIInputStream * *)
[nsDiskCacheStreams.obj:392]
            nsFileTransport::Process(nsIProgressEventSink *)
[nsFileTransport.cpp:692]
            nsFileTransport::Run(void) [nsFileTransport.cpp:639]
            nsThread::Main(void *) [nsThread.cpp:120]
            CreateFileA    [KERNEL32.dll]
(Assignee)

Comment 1

15 years ago
This has been fixed.  We now use malloc() and free(), rather than malloc() and
delete.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
(Reporter)

Comment 2

15 years ago
verified per http://bugzilla.mozilla.org/show_bug.cgi?id=162944#c13, since I 
think this was the same bug.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.