Closed Bug 284038 Opened 20 years ago Closed 19 years ago

OOM crash [@ EnumFonts]

Categories

(Core Graveyard :: Ports: Qt, defect)

Product:
Core Graveyard
Component:
Ports: Qt
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: timeless, Assigned: bastiaan)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file, 3 obsolete files)

remove realloc
1.11 KB, patch
roc
: review+
roc
: superreview+
Details | Diff | Splinter Review 
note that cleanup for this case needs to properly release the partially
constructed array.
Severity: normal → critical
Attached patch fix (obsolete) — Splinter Review 
Not only are the Allocs not checked, but in the for loop, i is never
incremented. So, EnumFonts() would always enumerate exactly one font.
Assignee: zack → b.jacques
Status: NEW → ASSIGNED
Attached patch better fix (obsolete) — Splinter Review 

        Attachment #187727 -
        Attachment is obsolete: true

    
  

        Attachment #187774 -
        Flags: review?(zack)

    
    

    
  
Comment on attachment 187774 [details] [diff] [review]
better fix

yeah, why not, looks good. thanks.

        Attachment #187774 -
        Flags: review?(zack) → review+

    
  

        Attachment #187774 -
        Flags: approval1.8b3?

    
  

        Attachment #187774 -
        Flags: approval1.8b3?

    
    

    
  
Comment on attachment 187774 [details] [diff] [review]
better fix

+	     array = (PRUnichar**)nsMemory::Realloc(count *
sizeof(PRUnichar*));

This is wrong. nsMemory::Realloc() should take two arguments. Why does the
compiler allow us to call it with only one?

    
    

    
  

      
      
      
      

        Attached patch
          
          
        oops. (obsolete)
        — Splinter Review
      

    


  
..Because I don't normally build with the qt backend, of course. Boy, do I look
silly now.

        Attachment #187774 -
        Attachment is obsolete: true

    
  

        Attachment #187802 -
        Flags: review?(zack)

    
    

    
  
Comment on attachment 187802 [details] [diff] [review]
oops.

As long as it builds I'm fine with virtually anything. Both KDE and Qt don't
handle OOM errors cleanly anyway. The bottom line on anything beside Windows is
that due to excessive swapping user has closed the application around five
times anyway ;)

        Attachment #187802 -
        Flags: review?(zack) → review+

    
  

        Attachment #187802 -
        Flags: approval1.8b3?

    
    

    
  
Comment on attachment 187802 [details] [diff] [review]
oops.

a=bsmedberg for checkin on 6/30 only

        Attachment #187802 -
        Flags: approval1.8b3? → approval1.8b3+

    
    

    
  
Checked in by timeless (2005-06-30 13:48).
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED

    
    

    
  
ok, so...
+            array = (PRUnichar**)nsMemory::Realloc((void*)array, count *
sizeof(PRUnichar*));

does this actually have a chance of working in an OOM situation? given how
realloc works, I actually doubt that... (because realloc leaves the old memory
untouched if the allocation fails. thus, it must request the new memory before
freeing the old one)

so, I'll reopen.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  
Hm, okay. So would you suggest returning the partial array (with its count
adjusted), or freeing up the partial array and returning NS_ERROR_OOM?

    
    

    
  
hm, I think just adjusting the count is better... (something like the first
patch here)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        remove reallocSplinter Review
      

    


  
And you couldn't have mentioned this earlier?!	;)

        Attachment #187802 -
        Attachment is obsolete: true

    
    

    
  
it worried me all the time but only now I could explain why :-)

    
  

        Attachment #188681 -
        Flags: review?(zack)

    
    

    
  
CC'ing Zack.

    
    

    
  
Comment on attachment 188681 [details] [diff] [review]
remove realloc

Zack hasn't responded to my request, would you be interested in sr and rs'ing
this change, roc?

        Attachment #188681 -
        Flags: review?(zack) → superreview?(roc)

        Attachment #188681 -
        Flags: superreview?(roc)

        Attachment #188681 -
        Flags: superreview+

        Attachment #188681 -
        Flags: review+

    
    

    
  
Attachment 188681 [details] [diff] was checked in by timeless (2005-10-06 14:16).
Status: REOPENED → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → FIXED
QA Contact: cbiesinger → ports-qt
Product: Core → Core Graveyard
Crash Signature: [@ EnumFonts]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: