Closed
Bug 1800050
Opened 2 years ago
Closed 1 year ago
malloc vs operator delete [] mismatch in WriteCachedStencil
Categories
(Core :: JavaScript Engine, task, P1)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
109 Branch
| Tracking | Status | |
|---|---|---|
| firefox109 | --- | fixed |
People
(Reporter: arai, Assigned: arai)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
https://bugzilla.mozilla.org/show_bug.cgi?id=1799250#c4
JS::TranscodeBuffer::extractOrCopyRawBuffer returns a buffer allocated with malloc, and it needs free.
WriteCachedStencil receives the buffer into UniquePtr<char[]>, which uses delete[].
(as pointed out in https://bugzilla.mozilla.org/show_bug.cgi?id=1799250#c7 , this doesn't need immediate fix)
Possible solutions are:
- always copy the
JS::TranscodeBuffercontent into a new buffer allocated withnew[] - modify the
JS::TranscodeBufferto usenew[] - support
freeinStartupCache
1 is the simplest, but it needs extra copy.
|
Assignee | |
Comment 1•2 years ago
|
||
FontNameCache::WriteCache also passes malloc-ed buffer to StartupCache::PutBuffer
void WriteCache() {
...
mCache->PutBuffer(CACHE_KEY, UniquePtr<char[]>(ToNewCString(buf)),
Other places uses MakeUnique<char[]>.
|
|
Assignee | |
Comment 2•1 year ago
|
||
I'll look into switching all consumers to use malloc/free.
Assignee: nobody → arai.unmht
Status: NEW → ASSIGNED
|
||
Updated•1 year ago
|
|
|
Assignee | |
Comment 3•1 year ago
|
||
|
||
Updated•1 year ago
|
Priority: P2 → P1
Pushed by arai_a@mac.com: https://hg.mozilla.org/integration/autoland/rev/02350fa31397 Use UniqueFreePtr in StartupCache::PutBuffer. r=nbp
|
||
Comment 5•1 year ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox109:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 109 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•