Closed
Bug 290115
Opened 20 years ago
Closed 12 years ago
JS_FinishArenaPool JS_ARENAMETER-only dup free ... [E] FFM: Freeing freed memory in free {1 occurrence}
Categories
(Core :: JavaScript Engine, defect, P5)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: timeless, Unassigned)
Details
Attachments
(1 file)
|
118.40 KB,
text/plain
|
Details |
steps:
1. build w/ JS_ARENAMETER
2. run xpcshell under purify
3. quit()
actual results:
[E] FFM: Freeing freed memory in free {1 occurrence}
Address 0x047e1238 points into a malloc'd block in heap 0x003e0000
Location of free attempt
free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024]
*
*Purpose:
* Frees a 'normal' memory block.
*
*Entry:
* void * pUserData - pointer to a (user portion) of memory block
in the
* debug heap
*
*Return:
* <void>
*
*******************************************************************************/
_CRTIMP void __cdecl free(
void * pUserData
)
=> {
_free_dbg(pUserData, _NORMAL_BLOCK);
}
#ifdef _MT
void __cdecl _free_lk(
void * pUserData
)
{
_free_dbg_lk(pUserData, _NORMAL_BLOCK);
}
#endif /* _MT */
JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445]
JS_GC [r:\cenzic\mozilla\js\src\jsapi.c:1749]
JS_MarkGCThing(JSContext *cx, void *thing, const char *name, void *arg)
{
JS_ASSERT(cx->runtime->gcLevel > 0);
#ifdef JS_THREADSAFE
JS_ASSERT(cx->runtime->gcThread == js_CurrentThreadId());
#endif
GC_MARK(cx, thing, name, arg);
}
JS_PUBLIC_API(void)
JS_GC(JSContext *cx)
{
/* Don't nuke active arenas if executing or compiling. */
if (cx->stackPool.current == &cx->stackPool.first)
=> JS_FinishArenaPool(&cx->stackPool);
if (cx->tempPool.current == &cx->tempPool.first)
JS_FinishArenaPool(&cx->tempPool);
js_ForceGC(cx, 0);
}
JS_PUBLIC_API(void)
JS_MaybeGC(JSContext *cx)
{
JSRuntime *rt;
uint32 bytes, lastBytes;
rt = cx->runtime;
bytes = rt->gcBytes;
lastBytes = rt->gcLastBytes;
if ((bytes > 8192 && bytes > lastBytes + lastBytes / 2) ||
Allocation location
malloc [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:138]
mbsdup [f:\vs70builds\3077\vc\crtbld\crt\src\strdup.c:42]
JS_InitArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:90]
js_NewContext [r:\cenzic\mozilla\js\src\jscntxt.c:133]
JS_NewContext [r:\cenzic\mozilla\js\src\jsapi.c:936]
Free location
free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024]
JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445]
JS_FreeArenaPool(JSArenaPool *pool)
{
FreeArenaList(pool, &pool->first, JS_FALSE);
COUNT(pool, ndeallocs);
}
JS_PUBLIC_API(void)
JS_FinishArenaPool(JSArenaPool *pool)
{
FreeArenaList(pool, &pool->first, JS_TRUE);
#ifdef JS_ARENAMETER
{
JSArenaStats *stats, **statsp;
if (pool->stats.name)
=> free(pool->stats.name);
for (statsp = &arena_stats_list; (stats = *statsp) != 0;
statsp = &stats->next) {
if (stats == &pool->stats) {
*statsp = stats->next;
return;
}
}
}
#endif
}
JS_PUBLIC_API(void)
JS_ArenaFinish()
{
JSArena *a, *next;
JS_GC [r:\cenzic\mozilla\js\src\jsapi.c:1749]
JS_MarkGCThing(JSContext *cx, void *thing, const char *name, void *arg)
{
JS_ASSERT(cx->runtime->gcLevel > 0);
#ifdef JS_THREADSAFE
JS_ASSERT(cx->runtime->gcThread == js_CurrentThreadId());
#endif
GC_MARK(cx, thing, name, arg);
}
JS_PUBLIC_API(void)
JS_GC(JSContext *cx)
{
/* Don't nuke active arenas if executing or compiling. */
if (cx->stackPool.current == &cx->stackPool.first)
=> JS_FinishArenaPool(&cx->stackPool);
if (cx->tempPool.current == &cx->tempPool.first)
JS_FinishArenaPool(&cx->tempPool);
js_ForceGC(cx, 0);
}
JS_PUBLIC_API(void)
JS_MaybeGC(JSContext *cx)
{
JSRuntime *rt;
uint32 bytes, lastBytes;
rt = cx->runtime;
bytes = rt->gcBytes;
lastBytes = rt->gcLastBytes;
if ((bytes > 8192 && bytes > lastBytes + lastBytes / 2) ||
--
The purify report for this is unfortunately not deep enough,
visual studio call stacks:
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_FinishArenaPool(JSArenaPool
* pool=0x04823e90) Line 445 C
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_GC(JSContext
* cx=0x04823e10) Line 1749 + 0x21 C
> xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!main(int
argc=0x00000000, char * * argv=0x003e800c, char * * envp=0x003e2be0) Line
1083 + 0xa C++
xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!mainCRTStartup()
Line 398 + 0x11 C
JS_ClearScope(cx, glob);
JS_GC(cx); //xpcshell.cpp line 1083
JSContext *oldcx;
cxstack->Pop(&oldcx);
NS_ASSERTION(oldcx == cx, "JS thread context push/pop mismatch");
cxstack = nsnull;
JS_GC(cx); //xpcshell.cpp line 1088
JS_DestroyContext(cx);
xpc->SyncJSContexts();
} // this scopes the nsCOMPtrs
// no nsCOMPtrs are allowed to be alive when you call NS_ShutdownXPCOM
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_FinishArenaPool(JSArenaPool
* pool=0x04823e28) Line 445 C
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_GC(JSContext
* cx=0x04823e10) Line 1749 + 0x1e C
> xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!main(int
argc=0x00000000, char * * argv=0x003e800c, char * * envp=0x003e2be0) Line
1088 + 0xa C++
xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!mainCRTStartup()
Line 398 + 0x11 C
this happens a couple of times, later we hit the same freed bits under:
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_FinishArenaPool(JSArenaPool
* pool=0x04823e28) Line 445 C
>
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!js_DestroyContext(JSContext
* cx=0x04823e10, JSGCMode gcmode=JS_FORCE_GC) Line 282 + 0x1e C
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_DestroyContext(JSContext
* cx=0x04823e10) Line 942 + 0x29 C
xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!main(int
argc=0x00000000, char * * argv=0x003e800c, char * * envp=0x003e2be0) Line
1089 + 0xa C++
xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!mainCRTStartup()
Line 398 + 0x11 C
/* Free the stuff hanging off of cx. */
JS_FinishArenaPool(&cx->stackPool);/* jscntxt.c line 282 */
JS_FinishArenaPool(&cx->tempPool);
[E] FFM: Freeing freed memory in free {1 occurrence}
Address 0x047e1238 points into a malloc'd block in heap 0x003e0000
Location of free attempt
free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024]
JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445]
js_DestroyContext [r:\cenzic\mozilla\js\src\jscntxt.c:282]
js_FinishRuntimeScriptState(cx);
/* Take the runtime down, now that it has no contexts or
atoms. */
JS_LOCK_GC(rt);
rt->state = JSRTS_DOWN;
JS_NOTIFY_ALL_CONDVAR(rt->stateChange);
JS_UNLOCK_GC(rt);
} else {
if (gcmode == JS_FORCE_GC)
js_ForceGC(cx, 0);
else if (gcmode == JS_MAYBE_GC)
JS_MaybeGC(cx);
}
/* Free the stuff hanging off of cx. */
=> JS_FinishArenaPool(&cx->stackPool);
JS_FinishArenaPool(&cx->tempPool);
if (cx->lastMessage)
free(cx->lastMessage);
/* Remove any argument formatters. */
map = cx->argumentFormatMap;
while (map) {
JSArgumentFormatMap *temp = map;
map = map->next;
JS_free(cx, temp);
}
/* Destroy the resolve recursion damper. */
if (cx->resolvingTable) {
JS_DHashTableDestroy(cx->resolvingTable);
JS_DestroyContext [r:\cenzic\mozilla\js\src\jsapi.c:942]
Allocation location
malloc [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:138]
mbsdup [f:\vs70builds\3077\vc\crtbld\crt\src\strdup.c:42]
JS_InitArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:90]
js_NewContext [r:\cenzic\mozilla\js\src\jscntxt.c:133]
JS_NewContext [r:\cenzic\mozilla\js\src\jsapi.c:936]
Free location
free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024]
JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445]
JS_GC [r:\cenzic\mozilla\js\src\jsapi.c:1749]
[E] FFM: Freeing freed memory in free {1 occurrence}
Address 0x047dd200 points into a malloc'd block in heap 0x003e0000
Location of free attempt
free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024]
JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445]
js_DestroyContext [r:\cenzic\mozilla\js\src\jscntxt.c:283]
/* Take the runtime down, now that it has no contexts or
atoms. */
JS_LOCK_GC(rt);
rt->state = JSRTS_DOWN;
JS_NOTIFY_ALL_CONDVAR(rt->stateChange);
JS_UNLOCK_GC(rt);
} else {
if (gcmode == JS_FORCE_GC)
js_ForceGC(cx, 0);
else if (gcmode == JS_MAYBE_GC)
JS_MaybeGC(cx);
}
/* Free the stuff hanging off of cx. */
JS_FinishArenaPool(&cx->stackPool);
=> JS_FinishArenaPool(&cx->tempPool);
if (cx->lastMessage)
free(cx->lastMessage);
/* Remove any argument formatters. */
map = cx->argumentFormatMap;
while (map) {
JSArgumentFormatMap *temp = map;
map = map->next;
JS_free(cx, temp);
}
/* Destroy the resolve recursion damper. */
if (cx->resolvingTable) {
JS_DHashTableDestroy(cx->resolvingTable);
cx->resolvingTable = NULL;
JS_DestroyContext [r:\cenzic\mozilla\js\src\jsapi.c:942]
Allocation location
malloc [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:138]
mbsdup [f:\vs70builds\3077\vc\crtbld\crt\src\strdup.c:42]
JS_InitArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:90]
js_NewContext [r:\cenzic\mozilla\js\src\jscntxt.c:134]
JS_NewContext [r:\cenzic\mozilla\js\src\jsapi.c:936]
Free location
free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024]
JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445]
JS_GC [r:\cenzic\mozilla\js\src\jsapi.c:1751]
--
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_FinishArenaPool(JSArenaPool
* pool=0x047bf6c8) Line 445 C
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!js_DestroyContext(JSContext
* cx=0x047bf6b0, JSGCMode gcmode=JS_FORCE_GC) Line 282 + 0x1e C
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_DestroyContext(JSContext
* cx=0x047bf6b0) Line 942 + 0x29 C
>
xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!mozJSComponentLoader::UnloadAll(int
aWhen=0x00000003) Line 1114 + 0x29 C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsComponentManagerImpl::UnloadLibraries(nsIServiceManager
* serviceMgr=0x00000000, int aWhen=0x00000003) Line 3093 + 0x87 C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsComponentManagerImpl::Shutdown()
Line 891 + 0x1e C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!NS_ShutdownXPCOM_P(nsIServiceManager
* servMgr=0x00000000) Line 816 + 0x1e C++
xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!main(int
argc=0x00000000, char * * argv=0x003e800c, char * * envp=0x003e2be0) Line
1093 + 0x8 C++
xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!mainCRTStartup()
Line 398 + 0x11 C
- cx->tempPool.stats.name 0x048098b0 "®®®®®®®®®®®®®®®®®®®®®ýýýýÝÝÝÝ" char *
0xae '®' char
0xae = ABR marker
[E] FFM: Freeing freed memory in free {1 occurrence}
Address 0x04811838 points into a malloc'd block in heap 0x003e0000
Location of free attempt
free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024]
JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445]
js_DestroyContext [r:\cenzic\mozilla\js\src\jscntxt.c:282]
js_FinishRuntimeScriptState(cx);
/* Take the runtime down, now that it has no contexts or
atoms. */
JS_LOCK_GC(rt);
rt->state = JSRTS_DOWN;
JS_NOTIFY_ALL_CONDVAR(rt->stateChange);
JS_UNLOCK_GC(rt);
} else {
if (gcmode == JS_FORCE_GC)
js_ForceGC(cx, 0);
else if (gcmode == JS_MAYBE_GC)
JS_MaybeGC(cx);
}
/* Free the stuff hanging off of cx. */
=> JS_FinishArenaPool(&cx->stackPool);
JS_FinishArenaPool(&cx->tempPool);
if (cx->lastMessage)
free(cx->lastMessage);
/* Remove any argument formatters. */
map = cx->argumentFormatMap;
while (map) {
JSArgumentFormatMap *temp = map;
map = map->next;
JS_free(cx, temp);
}
/* Destroy the resolve recursion damper. */
if (cx->resolvingTable) {
JS_DHashTableDestroy(cx->resolvingTable);
JS_DestroyContext [r:\cenzic\mozilla\js\src\jsapi.c:942]
mozJSComponentLoader::UnloadAll(int)
[r:\cenzic\mozilla\js\src\xpconnect\loader\mozjscomponentloader.cpp:1114]
nsComponentManagerImpl::UnloadLibraries(nsIServiceManager *,int)
[r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:3093]
nsComponentManagerImpl::Shutdown(void)
[r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:891]
NS_ShutdownXPCOM_P [r:\cenzic\mozilla\xpcom\build\nsxpcominit.cpp:816]
Allocation location
malloc [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:138]
mbsdup [f:\vs70builds\3077\vc\crtbld\crt\src\strdup.c:42]
JS_InitArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:90]
js_NewContext [r:\cenzic\mozilla\js\src\jscntxt.c:133]
JS_NewContext [r:\cenzic\mozilla\js\src\jsapi.c:936]
mozJSComponentLoader::UnloadAll(int)
[r:\cenzic\mozilla\js\src\xpconnect\loader\mozjscomponentloader.cpp:1111]
nsComponentManagerImpl::UnloadLibraries(nsIServiceManager *,int)
[r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:3093]
nsComponentManagerImpl::Shutdown(void)
[r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:891]
NS_ShutdownXPCOM_P [r:\cenzic\mozilla\xpcom\build\nsxpcominit.cpp:816]
Free location
free [f:\vs70builds\3077\vc\crtbld\crt\src\dbgheap.c:1024]
JS_FinishArenaPool [r:\cenzic\mozilla\js\src\jsarena.c:445]
JS_GC [r:\cenzic\mozilla\js\src\jsapi.c:1749]
mozJSComponentLoader::UnloadAll(int)
[r:\cenzic\mozilla\js\src\xpconnect\loader\mozjscomponentloader.cpp:1113]
nsComponentManagerImpl::UnloadLibraries(nsIServiceManager *,int)
[r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:3093]
nsComponentManagerImpl::Shutdown(void)
[r:\cenzic\mozilla\xpcom\components\nscomponentmanager.cpp:891]
NS_ShutdownXPCOM_P [r:\cenzic\mozilla\xpcom\build\nsxpcominit.cpp:816]
--
>
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_FinishArenaPool(JSArenaPool
* pool=0x04757738) Line 445 C
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!js_DestroyContext(JSContext
* cx=0x04757720, JSGCMode gcmode=JS_FORCE_GC) Line 282 + 0x1e C
JS3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!JS_DestroyContext(JSContext
* cx=0x04757720) Line 942 + 0x29 C
xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!XPCJSContextStack::~XPCJSContextStack()
Line 60 + 0x36 C++
xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!XPCJSContextStack::`scalar
deleting destructor'() + 0x37 C++
xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!XPCPerThreadData::CleanupAllThreads()
Line 543 + 0x76 C++
xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!nsXPConnect::~nsXPConnect()
Line 144 + 0xb C++
xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!nsXPConnect::`scalar
deleting destructor'() + 0x37 C++
xpc3250$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!nsXPConnect::Release()
Line 47 + 0x1f2 C++
caps$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!nsScriptSecurityManager::Shutdown()
Line 2832 + 0x6a C++
caps$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin_components.dll!CapsModuleDtor(nsIModule
* thisModules=0x047bcc98) Line 429 + 0xb C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsGenericModule::Shutdown()
Line 344 + 0x26 C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsGenericModule::~nsGenericModule()
Line 241 + 0xe C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsGenericModule::`scalar
deleting destructor'() + 0x37 C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsGenericModule::Release()
Line 249 + 0x1bd C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsDll::Shutdown()
Line 381 + 0x4b C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsFreeLibrary(nsDll
* dll=0x047bddb8, nsIServiceManager * serviceMgr=0x00000000, int
when=0x00000003) Line 289 + 0xe C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsFreeLibraryEnum(nsHashKey
* aKey=0x047bde78, void * aData=0x047bddb8, void * closure=0x0013f098) Line
362 + 0xc7 C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!hashEnumerate(PLDHashTable
* table=0x003ef338, PLDHashEntryHdr * hdr=0x04749acc, unsigned int i=0x00000027,
void * arg=0x0013f07c) Line 131 + 0x6b C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!PL_DHashTableEnumerate(PLDHashTable
* table=0x003ef338, PLDHashOperator (PLDHashTable *, PLDHashEntryHdr *, unsigned
int, void *)* etor=0x005ef2c0, void * arg=0x0013f07c) Line 619 + 0x59 C
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsHashtable::Enumerate(int
(nsHashKey *, void *, void *)* aEnumFunc=0x006d5b40, void * aClosure=0x0013f098)
Line 319 + 0x3f C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsNativeComponentLoader::UnloadAll(int
aWhen=0x00000003) Line 983 + 0x32 C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsComponentManagerImpl::UnloadLibraries(nsIServiceManager
* serviceMgr=0x00000000, int aWhen=0x00000003) Line 3100 + 0x5b C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!nsComponentManagerImpl::Shutdown()
Line 891 + 0x1e C++
XPCOM__CORE$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.DLL!NS_ShutdownXPCOM_P(nsIServiceManager
* servMgr=0x00000000) Line 816 + 0x1e C++
xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!main(int
argc=0x00000000, char * * argv=0x003e800c, char * * envp=0x003e2be0) Line
1093 + 0x8 C++
xpcshell$Purify_r_cenzic_mozilla_dbg-i686-pc-cygwin_dist_bin.exe!mainCRTStartup()
Line 398 + 0x11 C
- pool->stats.name 0x04757970
"ÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝ"
char *
0xdd 'Ý' char
0xdd is crt dead land (deleted objects)
one could obviously wallpaper over this by nulling out the pool name field, but
that seems like entirely the wrong thing to do (for one, i'd love to see the
pool name field each time the pool is handled, not just the first time; for
another there's the minor detail of why the code is playing with a pool that it
sort of thinks it killed...)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
|
||
Comment 2•19 years ago
|
||
Summarize accurately, please! /be
Summary: JS_FinishArenaPool called repeatedly for the same pools ... [E] FFM: Freeing freed memory in free {1 occurrence} → JS_FinishArenaPool JS_ARENAMETER-only dup free ... [E] FFM: Freeing freed memory in free {1 occurrence}
|
||
Updated•19 years ago
|
Flags: testcase-
|
||
Comment 3•12 years ago
|
||
This code has been removed.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•