Closed Bug 267298 Opened 20 years ago Closed 20 years ago

memory leak in /modules/libpref/src/nsPrefBranch.cpp

Categories

(SeaMonkey :: Preferences, defect)

Product:
SeaMonkey
Component:
Preferences
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: andrew.tong, Unassigned)

Details

Attachments

(1 file)

free '\0' string
530 bytes, patch
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040809
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040809

I use valgrind to detect memory leak in mozilla and find a leak in nsPrefBranch.cpp

Here is the detail output of valgrind:

==1860== 16 bytes in 16 blocks are definitely lost in loss record 30 of
193
==1860==    at 0x1B901E74: malloc (vg_replace_malloc.c:131)
==1860==    by 0x1B9C34C4: PL_strdup (strdup.c:46)
==1860==    by 0x1D812131: GConfProxy::GetCharPref(char const*, char**)
(nsSystemPrefService.cpp:676)
==1860==    by 0x1D81139F: nsSystemPrefService::GetCharPref(char const*,
char**) (nsSystemPrefService.cpp:292)
==1860==    by 0x1CA152C7: nsPrefBranch::GetCharPref(char const*,
char**) (./modules/libpref/src/nsPrefBranch.cpp:215)
==1860==    by 0x1EF34596: mozSRoaming::GenerateLiPrefs()
(mozSRoaming.cpp:187)
==1860==    by 0x1EF348FC: mozSRoaming::EndSession()
(./extensions/sroaming/src/mozSRoaming.cpp:217)
==1860==    by 0x1DB28097: nsProfile::ShutDownCurrentProfile(unsigned)
(./profile/src/nsProfile.cpp:1371)
==1860==    by 0x8061C4A: DoOnShutdown()
(./xpfe/bootstrap/nsAppRunner.cpp:806)
==1860==    by 0x8064B4E: main (nsAppRunner.cpp:1792)
==1860==    by 0x1C0694C1: __libc_start_main (in /lib/i686/libc.so.6)

Reproducible: Always
Steps to Reproduce:
1. run mozilla under valgrind
2. visit some page(only visit your homepage is OK)
3. quit mozilla
Attached patch free '\0' stringSplinter Review 
I free the '\0' string which is ignored before.
Attachment #164274 - Flags: superreview?(jag)
Attachment #164274 - Flags: review?(alecf)
The patch looks strange, it looks like it's against an old nsPrefBranch.cpp
revision.
NS_IMETHODIMP nsPrefBranch::GetCharPref(const char *aPrefName, char **_retval)
{
  const char *pref;
  nsresult   rv;

  rv = getValidatedPrefName(aPrefName, &pref);
  if (NS_SUCCEEDED(rv)) {
    if (checkMozPrefsKey(aPrefName) && !mIsDefault) {
      PRBool useSystemPrefsValue = PR_FALSE;
      rv = GetBoolPref(UseSystemPref,&useSystemPrefsValue);
      if (useSystemPrefsValue) {
        nsCOMPtr<nsIPrefBranch> sysPrefService =
                       do_GetService(sSysPrefService, &rv);
      if (NS_SUCCEEDED(rv) && sysPrefService) {
        rv =sysPrefService->GetCharPref(aPrefName,_retval);
        if (strlen(*_retval) != 0)
          return rv;
  +     else
  +       free(*_retval);
        // strlen(str) == 0 does not mean str == NULL
        // if str == '\0' (str has one byte memory)
        // strlen('\0') equal 0
        // so we must free *_retval before give it new value
        // in function PREF_CopyCharPref.
      }
     }
    }
    rv = PREF_CopyCharPref(pref, _retval, mIsDefault);
  }
  return rv;
}

Here is the function who malloc momory for *_retval

PR_IMPLEMENT(char *)
PL_strdup(const char *s)
{
    char *rv;
    PRUint32 l;

    l = PL_strlen(s); 

    rv = (char *)malloc(l+1); // it malloc l+1 byte, not l byte.
    if( (char *)0 == rv ) return rv;

    if( (const char *)0 == s )
        *rv = '\0';
    else
        (void)PL_strcpy(rv, s);

    return rv;
}

This bug doesn't exist in community mozilla, sorry.
Thanks for your attention.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Please clear the patch pending review requests, thanks.
Attachment #164274 - Flags: superreview?(jag)
Attachment #164274 - Flags: review?(alecf)
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: