465886 - TM: realloc is being used incorrectly

Status: RESOLVED WONTFIX

(Core :: JavaScript Engine, defect, P2)

Description

[timeless]

if realloc fails, it will return null, leaving the current data unchanged.

correct usage is:

void *x = malloc(1000);
...
void *y = realloc(x, 100000);
if (!y) {
  error();
} else {
  x = y;
}

also, it'd be nice if you actually handled failure.

Comment 1

[timeless]

Attachment: beginnings

the JS_Assert call is where i got stuck, it's not meant to be committed, although in a pinch it could go now, it just means that when we fail there, we must kill ourselves (no choice).

i'm told some functions are dead/walking dead, that's ok.

Comment 2

[Manoj]

This is just a sanity check... While we're on the subject, when memory is free'ed via free(ptr), is ptr set to NULL/0/null as well. The double free memory problem is almost impossible to debug.

malloc/realloc/free could all be implemented as macros to ensure consistent use of the idioms.

Comment 3

[Nicholas Nethercote [inactive]]

> While we're on the subject, when memory is free'ed via free(ptr), is ptr set to > NULL/0/null as well.

Is that a question?  If so, the answer is "no".

Comment 4

[Andreas Gal :gal]

P2 ... just for you beltzner ;)

Comment 5

[Andreas Gal :gal]

Not sure this bug needs to block final. Maybe discuss and re-triage? A better fix would be some engine or browser-wide red zone allocation thing (ballast).

Comment 6

[Ryan VanderMeulen [:RyanVM]]

Obsolete with the removal of tracejit.