Closed Bug 355059 Opened 19 years ago Closed 19 years ago

valgrind free memory read warning from multiple FT_Done_Face calls in nsFontMetricsPS.cpp

Categories

(Core Graveyard :: GFX: Gtk, defect)

Product:
Core Graveyard
Component:
GFX: Gtk
Version:
1.8 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dbaron, Assigned: dbaron)

References

Details

(Keywords: fixed1.8.0.10, fixed1.8.1.1, valgrind, Whiteboard: [need testcase])

Attachments

(2 files)

valgrind warning
5.31 KB, text/plain; charset=utf-8
Details
patch
1.55 KB, patch
roc
: review+
roc
: superreview+
dveditz
: approval1.8.1.1+
jay
: approval1.8.0.10+
Details | Diff | Splinter Review
When printing http://www.mozilla.com/firefox/all on a trunk build with cairo disabled I get a valgrind warning about reading freed memory (attached). The attached patch fixes the warning. I haven't bothered to figure out the ownership model here -- but it seems to be working well enough except for this issue -- although I suppose I haven't checked for leaks. Then again, this code should be going away for 1.9.
Attached patch patchSplinter Review
This fixes the warning. I'm not sure who owns the entry object, but this seems like the simplest patch to prevent the object from being accessed after being freed.
Attachment #240846 - Flags: review?(roc)
Flags: blocking1.8.1.1?
Attachment #240846 - Flags: superreview+
Attachment #240846 - Flags: review?(roc)
Attachment #240846 - Flags: review?(jshin1987)
Attachment #240846 - Flags: review+
Checked in to trunk, although the code isn't used there.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Flags: blocking1.8.1.1? → blocking1.8.1.1+
Comment on attachment 240846 [details] [diff] [review] patch approved for 1.8 branch, a=dveditz for drivers
Attachment #240846 - Flags: approval1.8.1.1? → approval1.8.1.1+
I believe the bugs addressed here are responsible for the problems described in bug 336435 (Firefox hangs following printing on Linux). I debugged this a couple of months ago, and attached a patch which fixed several double-free bugs, including the bugs fixed here. However, I also found an additional bug (a failure to increment the reference count on a CharSet following a look-up in fontconfig), which is fixed in the first part of my patch. See: https://bugzilla.mozilla.org/attachment.cgi?id=237126&action=view Can that part of the patch be reviewed and committed soon? (Please let me know if you want me to provide an updated patch). It would be nice to get all of these fixes into the next 1.5.0.x release, as these bugs are having a major impact on our users.
Ah, I now see that the additional bug I referred to was addressed in bug 294879, and a fix has already been checked in, and included in 1.5.0.8. So never mind about reviewing that part of my patch.
Checked in to MOZILLA_1_8_BRANCH.
Keywords: fixed1.8.1.1
Comment on attachment 240846 [details] [diff] [review] patch Approved for 1.8.0 branch, a=jay for drivers.
Attachment #240846 - Flags: approval1.8.0.10? → approval1.8.0.10+
Checked in to MOZILLA_1_8_0_BRANCH.
Keywords: fixed1.8.0.10
hi david, can you provide steps on how QA can verify this fix on the 1.8 and 1.8.0 branch? thanks.
Whiteboard: [need testcase]
Blocks: 341355
Keywords: valgrind
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: