Closed Bug 290115 Opened 21 years ago Closed 13 years ago

JS_FinishArenaPool JS_ARENAMETER-only dup free ... [E] FFM: Freeing freed memory in free {1 occurrence}

Categories

(Core :: JavaScript Engine, defect, P5)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows XP
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: timeless, Unassigned)

Details

Attachments

(1 file)

purify log
118.40 KB, text/plain
Details
steps: 1. build w/ JS_ARENAMETER 2. run xpcshell under purify 3. quit() actual results: [E] FFM: Freeing freed memory in free {1 occurrence} Address 0x047e1238 points into a malloc'd block in heap 0x003e0000 Location of free attempt free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024] * *Purpose: * Frees a 'normal' memory block. * *Entry: * void * pUserData - pointer to a (user portion) of memory block in the * debug heap * *Return: * <void> * *******************************************************************************/ _CRTIMP void __cdecl free( void * pUserData ) => { _free_dbg(pUserData, _NORMAL_BLOCK); } #ifdef _MT void __cdecl _free_lk( void * pUserData ) { _free_dbg_lk(pUserData, _NORMAL_BLOCK); } #endif /* _MT */ JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445] JS_GC [r:\cenzic\mozilla\js\src\jsapi.c:1749] JS_MarkGCThing(JSContext *cx, void *thing, const char *name, void *arg) { JS_ASSERT(cx->runtime->gcLevel > 0); #ifdef JS_THREADSAFE JS_ASSERT(cx->runtime->gcThread == js_CurrentThreadId()); #endif GC_MARK(cx, thing, name, arg); } JS_PUBLIC_API(void) JS_GC(JSContext *cx) { /* Don't nuke active arenas if executing or compiling. */ if (cx->stackPool.current == &cx->stackPool.first) => JS_FinishArenaPool(&cx->stackPool); if (cx->tempPool.current == &cx->tempPool.first) JS_FinishArenaPool(&cx->tempPool); js_ForceGC(cx, 0); } JS_PUBLIC_API(void) JS_MaybeGC(JSContext *cx) { JSRuntime *rt; uint32 bytes, lastBytes; rt = cx->runtime; bytes = rt->gcBytes; lastBytes = rt->gcLastBytes; if ((bytes > 8192 && bytes > lastBytes + lastBytes / 2) || Allocation location malloc [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:138] mbsdup [f:\vs70builds\3077\vc\crtbld\crt\src\strdup.c:42] JS_InitArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:90] js_NewContext [r:\cenzic\mozilla\js\src\jscntxt.c:133] JS_NewContext [r:\cenzic\mozilla\js\src\jsapi.c:936] Free location free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024] JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445] JS_FreeArenaPool(JSArenaPool *pool) { FreeArenaList(pool, &pool->first, JS_FALSE); COUNT(pool, ndeallocs); } JS_PUBLIC_API(void) JS_FinishArenaPool(JSArenaPool *pool) { FreeArenaList(pool, &pool->first, JS_TRUE); #ifdef JS_ARENAMETER { JSArenaStats *stats, **statsp; if (pool->stats.name) => free(pool->stats.name); for (statsp = &arena_stats_list; (stats = *statsp) != 0; statsp = &stats->next) { if (stats == &pool->stats) { *statsp = stats->next; return; } } } #endif } JS_PUBLIC_API(void) JS_ArenaFinish() { JSArena *a, *next; JS_GC [r:\cenzic\mozilla\js\src\jsapi.c:1749] JS_MarkGCThing(JSContext *cx, void *thing, const char *name, void *arg) { JS_ASSERT(cx->runtime->gcLevel > 0); #ifdef JS_THREADSAFE JS_ASSERT(cx->runtime->gcThread == js_CurrentThreadId()); #endif GC_MARK(cx, thing, name, arg); } JS_PUBLIC_API(void) JS_GC(JSContext *cx) { /* Don't nuke active arenas if executing or compiling. */ if (cx->stackPool.current == &cx->stackPool.first) => JS_FinishArenaPool(&cx->stackPool); if (cx->tempPool.current == &cx->tempPool.first) JS_FinishArenaPool(&cx->tempPool); js_ForceGC(cx, 0); } JS_PUBLIC_API(void) JS_MaybeGC(JSContext *cx) { JSRuntime *rt; uint32 bytes, lastBytes; rt = cx->runtime; bytes = rt->gcBytes; lastBytes = rt->gcLastBytes; if ((bytes > 8192 && bytes > lastBytes + lastBytes / 2) || -- The purify report for this is unfortunately not deep enough, visual studio call stacks: JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_FinishArenaPool(JSArenaPool * pool=0x04823e90) Line 445 C JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_GC(JSContext * cx=0x04823e10) Line 1749 + 0x21 C > xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!main(int argc=0x00000000, char * * argv=0x003e800c, char * * envp=0x003e2be0) Line 1083 + 0xa C++ xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!mainCRTStartup() Line 398 + 0x11 C JS_ClearScope(cx, glob); JS_GC(cx); //xpcshell.cpp line 1083 JSContext *oldcx; cxstack->Pop(&oldcx); NS_ASSERTION(oldcx == cx, "JS thread context push/pop mismatch"); cxstack = nsnull; JS_GC(cx); //xpcshell.cpp line 1088 JS_DestroyContext(cx); xpc->SyncJSContexts(); } // this scopes the nsCOMPtrs // no nsCOMPtrs are allowed to be alive when you call NS_ShutdownXPCOM JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_FinishArenaPool(JSArenaPool * pool=0x04823e28) Line 445 C JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_GC(JSContext * cx=0x04823e10) Line 1749 + 0x1e C > xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!main(int argc=0x00000000, char * * argv=0x003e800c, char * * envp=0x003e2be0) Line 1088 + 0xa C++ xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!mainCRTStartup() Line 398 + 0x11 C this happens a couple of times, later we hit the same freed bits under: JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_FinishArenaPool(JSArenaPool * pool=0x04823e28) Line 445 C > JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!js_DestroyContext(JSContext * cx=0x04823e10, JSGCMode gcmode=JS_FORCE_GC) Line 282 + 0x1e C JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_DestroyContext(JSContext * cx=0x04823e10) Line 942 + 0x29 C xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!main(int argc=0x00000000, char * * argv=0x003e800c, char * * envp=0x003e2be0) Line 1089 + 0xa C++ xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!mainCRTStartup() Line 398 + 0x11 C /* Free the stuff hanging off of cx. */ JS_FinishArenaPool(&cx->stackPool);/* jscntxt.c line 282 */ JS_FinishArenaPool(&cx->tempPool); [E] FFM: Freeing freed memory in free {1 occurrence} Address 0x047e1238 points into a malloc'd block in heap 0x003e0000 Location of free attempt free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024] JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445] js_DestroyContext [r:\cenzic\mozilla\js\src\jscntxt.c:282] js_FinishRuntimeScriptState(cx); /* Take the runtime down, now that it has no contexts or atoms. */ JS_LOCK_GC(rt); rt->state = JSRTS_DOWN; JS_NOTIFY_ALL_CONDVAR(rt->stateChange); JS_UNLOCK_GC(rt); } else { if (gcmode == JS_FORCE_GC) js_ForceGC(cx, 0); else if (gcmode == JS_MAYBE_GC) JS_MaybeGC(cx); } /* Free the stuff hanging off of cx. */ => JS_FinishArenaPool(&cx->stackPool); JS_FinishArenaPool(&cx->tempPool); if (cx->lastMessage) free(cx->lastMessage); /* Remove any argument formatters. */ map = cx->argumentFormatMap; while (map) { JSArgumentFormatMap *temp = map; map = map->next; JS_free(cx, temp); } /* Destroy the resolve recursion damper. */ if (cx->resolvingTable) { JS_DHashTableDestroy(cx->resolvingTable); JS_DestroyContext [r:\cenzic\mozilla\js\src\jsapi.c:942] Allocation location malloc [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:138] mbsdup [f:\vs70builds\3077\vc\crtbld\crt\src\strdup.c:42] JS_InitArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:90] js_NewContext [r:\cenzic\mozilla\js\src\jscntxt.c:133] JS_NewContext [r:\cenzic\mozilla\js\src\jsapi.c:936] Free location free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024] JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445] JS_GC [r:\cenzic\mozilla\js\src\jsapi.c:1749] [E] FFM: Freeing freed memory in free {1 occurrence} Address 0x047dd200 points into a malloc'd block in heap 0x003e0000 Location of free attempt free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024] JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445] js_DestroyContext [r:\cenzic\mozilla\js\src\jscntxt.c:283] /* Take the runtime down, now that it has no contexts or atoms. */ JS_LOCK_GC(rt); rt->state = JSRTS_DOWN; JS_NOTIFY_ALL_CONDVAR(rt->stateChange); JS_UNLOCK_GC(rt); } else { if (gcmode == JS_FORCE_GC) js_ForceGC(cx, 0); else if (gcmode == JS_MAYBE_GC) JS_MaybeGC(cx); } /* Free the stuff hanging off of cx. */ JS_FinishArenaPool(&cx->stackPool); => JS_FinishArenaPool(&cx->tempPool); if (cx->lastMessage) free(cx->lastMessage); /* Remove any argument formatters. */ map = cx->argumentFormatMap; while (map) { JSArgumentFormatMap *temp = map; map = map->next; JS_free(cx, temp); } /* Destroy the resolve recursion damper. */ if (cx->resolvingTable) { JS_DHashTableDestroy(cx->resolvingTable); cx->resolvingTable = NULL; JS_DestroyContext [r:\cenzic\mozilla\js\src\jsapi.c:942] Allocation location malloc [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:138] mbsdup [f:\vs70builds\3077\vc\crtbld\crt\src\strdup.c:42] JS_InitArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:90] js_NewContext [r:\cenzic\mozilla\js\src\jscntxt.c:134] JS_NewContext [r:\cenzic\mozilla\js\src\jsapi.c:936] Free location free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024] JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445] JS_GC [r:\cenzic\mozilla\js\src\jsapi.c:1751] -- JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_FinishArenaPool(JSArenaPool * pool=0x047bf6c8) Line 445 C JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!js_DestroyContext(JSContext * cx=0x047bf6b0, JSGCMode gcmode=JS_FORCE_GC) Line 282 + 0x1e C JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_DestroyContext(JSContext * cx=0x047bf6b0) Line 942 + 0x29 C > xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!mozJSComponentLoader::UnloadAll(int aWhen=0x00000003) Line 1114 + 0x29 C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsComponentManagerImpl::UnloadLibraries(nsIServiceManager * serviceMgr=0x00000000, int aWhen=0x00000003) Line 3093 + 0x87 C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsComponentManagerImpl::Shutdown() Line 891 + 0x1e C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!NS_ShutdownXPCOM_P(nsIServiceManager * servMgr=0x00000000) Line 816 + 0x1e C++ xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!main(int argc=0x00000000, char * * argv=0x003e800c, char * * envp=0x003e2be0) Line 1093 + 0x8 C++ xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!mainCRTStartup() Line 398 + 0x11 C - cx->tempPool.stats.name 0x048098b0 "®®®®®®®®®®®®®®®®®®®®®ýýýýÝÝÝÝ" char * 0xae '®' char 0xae = ABR marker [E] FFM: Freeing freed memory in free {1 occurrence} Address 0x04811838 points into a malloc'd block in heap 0x003e0000 Location of free attempt free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024] JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445] js_DestroyContext [r:\cenzic\mozilla\js\src\jscntxt.c:282] js_FinishRuntimeScriptState(cx); /* Take the runtime down, now that it has no contexts or atoms. */ JS_LOCK_GC(rt); rt->state = JSRTS_DOWN; JS_NOTIFY_ALL_CONDVAR(rt->stateChange); JS_UNLOCK_GC(rt); } else { if (gcmode == JS_FORCE_GC) js_ForceGC(cx, 0); else if (gcmode == JS_MAYBE_GC) JS_MaybeGC(cx); } /* Free the stuff hanging off of cx. */ => JS_FinishArenaPool(&cx->stackPool); JS_FinishArenaPool(&cx->tempPool); if (cx->lastMessage) free(cx->lastMessage); /* Remove any argument formatters. */ map = cx->argumentFormatMap; while (map) { JSArgumentFormatMap *temp = map; map = map->next; JS_free(cx, temp); } /* Destroy the resolve recursion damper. */ if (cx->resolvingTable) { JS_DHashTableDestroy(cx->resolvingTable); JS_DestroyContext [r:\cenzic\mozilla\js\src\jsapi.c:942] mozJSComponentLoader::UnloadAll(int) [r:\cenzic\mozilla\js\src\xpconnect\loader\mozjscomponentloader.cpp:1114] nsComponentManagerImpl::UnloadLibraries(nsIServiceManager *,int) [r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:3093] nsComponentManagerImpl::Shutdown(void) [r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:891] NS_ShutdownXPCOM_P [r:\cenzic\mozilla\xpcom\build\nsxpcominit.cpp:816] Allocation location malloc [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:138] mbsdup [f:\vs70builds\3077\vc\crtbld\crt\src\strdup.c:42] JS_InitArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:90] js_NewContext [r:\cenzic\mozilla\js\src\jscntxt.c:133] JS_NewContext [r:\cenzic\mozilla\js\src\jsapi.c:936] mozJSComponentLoader::UnloadAll(int) [r:\cenzic\mozilla\js\src\xpconnect\loader\mozjscomponentloader.cpp:1111] nsComponentManagerImpl::UnloadLibraries(nsIServiceManager *,int) [r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:3093] nsComponentManagerImpl::Shutdown(void) [r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:891] NS_ShutdownXPCOM_P [r:\cenzic\mozilla\xpcom\build\nsxpcominit.cpp:816] Free location free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024] JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445] JS_GC [r:\cenzic\mozilla\js\src\jsapi.c:1749] mozJSComponentLoader::UnloadAll(int) [r:\cenzic\mozilla\js\src\xpconnect\loader\mozjscomponentloader.cpp:1113] nsComponentManagerImpl::UnloadLibraries(nsIServiceManager *,int) [r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:3093] nsComponentManagerImpl::Shutdown(void) [r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:891] NS_ShutdownXPCOM_P [r:\cenzic\mozilla\xpcom\build\nsxpcominit.cpp:816] -- > JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_FinishArenaPool(JSArenaPool * pool=0x04757738) Line 445 C JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!js_DestroyContext(JSContext * cx=0x04757720, JSGCMode gcmode=JS_FORCE_GC) Line 282 + 0x1e C JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_DestroyContext(JSContext * cx=0x04757720) Line 942 + 0x29 C xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!XPCJSContextStack::~XPCJSContextStack() Line 60 + 0x36 C++ xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!XPCJSContextStack::`scalar deleting destructor'() + 0x37 C++ xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!XPCPerThreadData::CleanupAllThreads() Line 543 + 0x76 C++ xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!nsXPConnect::~nsXPConnect() Line 144 + 0xb C++ xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!nsXPConnect::`scalar deleting destructor'() + 0x37 C++ xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!nsXPConnect::Release() Line 47 + 0x1f2 C++ caps$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!nsScriptSecurityManager::Shutdown() Line 2832 + 0x6a C++ caps$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!CapsModuleDtor(nsIModule * thisModules=0x047bcc98) Line 429 + 0xb C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsGenericModule::Shutdown() Line 344 + 0x26 C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsGenericModule::~nsGenericModule() Line 241 + 0xe C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsGenericModule::`scalar deleting destructor'() + 0x37 C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsGenericModule::Release() Line 249 + 0x1bd C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsDll::Shutdown() Line 381 + 0x4b C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsFreeLibrary(nsDll * dll=0x047bddb8, nsIServiceManager * serviceMgr=0x00000000, int when=0x00000003) Line 289 + 0xe C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsFreeLibraryEnum(nsHashKey * aKey=0x047bde78, void * aData=0x047bddb8, void * closure=0x0013f098) Line 362 + 0xc7 C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!hashEnumerate(PLDHashTable * table=0x003ef338, PLDHashEntryHdr * hdr=0x04749acc, unsigned int i=0x00000027, void * arg=0x0013f07c) Line 131 + 0x6b C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!PL_DHashTableEnumerate(PLDHashTable * table=0x003ef338, PLDHashOperator (PLDHashTable *, PLDHashEntryHdr *, unsigned int, void *)* etor=0x005ef2c0, void * arg=0x0013f07c) Line 619 + 0x59 C XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsHashtable::Enumerate(int (nsHashKey *, void *, void *)* aEnumFunc=0x006d5b40, void * aClosure=0x0013f098) Line 319 + 0x3f C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsNativeComponentLoader::UnloadAll(int aWhen=0x00000003) Line 983 + 0x32 C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsComponentManagerImpl::UnloadLibraries(nsIServiceManager * serviceMgr=0x00000000, int aWhen=0x00000003) Line 3100 + 0x5b C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsComponentManagerImpl::Shutdown() Line 891 + 0x1e C++ XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!NS_ShutdownXPCOM_P(nsIServiceManager * servMgr=0x00000000) Line 816 + 0x1e C++ xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!main(int argc=0x00000000, char * * argv=0x003e800c, char * * envp=0x003e2be0) Line 1093 + 0x8 C++ xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!mainCRTStartup() Line 398 + 0x11 C - pool->stats.name 0x04757970 "ÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝ" char * 0xdd 'Ý' char 0xdd is crt dead land (deleted objects) one could obviously wallpaper over this by nulling out the pool name field, but that seems like entirely the wrong thing to do (for one, i'd love to see the pool name field each time the pool is handled, not just the first time; for another there's the minor detail of why the code is playing with a pool that it sort of thinks it killed...)
Attached file purify log
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
Summarize accurately, please! /be
Summary: JS_FinishArenaPool called repeatedly for the same pools ... [E] FFM: Freeing freed memory in free {1 occurrence} → JS_FinishArenaPool JS_ARENAMETER-only dup free ... [E] FFM: Freeing freed memory in free {1 occurrence}
Flags: testcase-
This code has been removed.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: