Closed
Bug 1800050
Opened 2 years ago
Closed 1 year ago
malloc vs operator delete [] mismatch in WriteCachedStencil
Categories
(Core :: JavaScript Engine, task, P1)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
109 Branch
Tracking | Status | |
---|---|---|
firefox109 | --- | fixed |
People
(Reporter: arai, Assigned: arai)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
https://bugzilla.mozilla.org/show_bug.cgi?id=1799250#c4
JS::TranscodeBuffer::extractOrCopyRawBuffer
returns a buffer allocated with malloc
, and it needs free
.
WriteCachedStencil
receives the buffer into UniquePtr<char[]>
, which uses delete[]
.
(as pointed out in https://bugzilla.mozilla.org/show_bug.cgi?id=1799250#c7 , this doesn't need immediate fix)
Possible solutions are:
- always copy the
JS::TranscodeBuffer
content into a new buffer allocated withnew[]
- modify the
JS::TranscodeBuffer
to usenew[]
- support
free
inStartupCache
1 is the simplest, but it needs extra copy.
Assignee | ||
Comment 1•2 years ago
|
||
FontNameCache::WriteCache
also passes malloc-ed buffer to StartupCache::PutBuffer
void WriteCache() {
...
mCache->PutBuffer(CACHE_KEY, UniquePtr<char[]>(ToNewCString(buf)),
Other places uses MakeUnique<char[]>
.
Assignee | ||
Comment 2•1 year ago
|
||
I'll look into switching all consumers to use malloc
/free
.
Assignee: nobody → arai.unmht
Status: NEW → ASSIGNED
Updated•1 year ago
|
Assignee | ||
Comment 3•1 year ago
|
||
Updated•1 year ago
|
Priority: P2 → P1
Pushed by arai_a@mac.com: https://hg.mozilla.org/integration/autoland/rev/02350fa31397 Use UniqueFreePtr in StartupCache::PutBuffer. r=nbp
Comment 5•1 year ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox109:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 109 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•