Mismatched allocators in jsd: PR_Calloc vs delete

RESOLVED FIXED in mozilla1.9.3a1

Status

Product: Core
Component: JavaScript Engine
Priority: --
Severity: critical
Status: RESOLVED FIXED
Reported: 9 years ago
Updated: 7 years ago

People

Reporter: Biesinger
Assignee: timeless

Tracking

Version: Trunk
Target Milestone: mozilla1.9.3a1
Platform: x86 Linux

Attachments

(1 attachment)

==28813== Mismatched free() / delete / delete []
==28813==    at 0x4C23A41: operator delete(void*) /tmp/vg/coregrind/m_replacemalloc/vg_replace_malloc.c:380
==28813==    by 0x1D3EF036: jsds_FreeFilter(FilterRecord*) /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/jsd/jsd_xpc.cpp:251
==28813==    by 0x1D3EF1BE: jsdService::RemoveFilter(jsdIFilter*) /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/jsd/jsd_xpc.cpp:2876
==28813==    by 0x5922BE7: NS_InvokeByIndex_P /usr/local/google/home/cbiesinger/mozilla-1.9.2/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:208
==28813==    by 0x11BE9579: XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/xpconnect/src/xpcwrappednative.cpp:2721
==28813==    by 0x11BF667F: XPC_WN_CallMethod(JSContext*, JSObject*, unsigned int, long*, long*) /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1740
==28813==    by 0x5353241: js_Invoke /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsinterp.cpp:1360
==28813==    by 0x534238D: js_Interpret /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsops.cpp:2240
==28813==    by 0x535328B: js_Invoke /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsinterp.cpp:1368
==28813==    by 0x5320DF8: js_fun_apply /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsfun.cpp:2046
==28813==    by 0x5342275: js_Interpret /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsops.cpp:2208
==28813==    by 0x535328B: js_Invoke /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsinterp.cpp:1368
==28813==  Address 0x23a994b0 is 0 bytes inside a block of size 64 alloc'd
==28813==    at 0x4C2306D: calloc /tmp/vg/coregrind/m_replacemalloc/vg_replace_malloc.c:458
==28813==    by 0x5FDFFA8: PR_Calloc /usr/local/google/home/cbiesinger/mozilla-1.9.2/nsprpub/pr/src/malloc/prmem.c:474
==28813==    by 0x1D3F51DE: jsdService::AppendFilter(jsdIFilter*) /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/jsd/jsd_xpc.cpp:2841
==28813==    by 0x5922BE7: NS_InvokeByIndex_P /usr/local/google/home/cbiesinger/mozilla-1.9.2/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:208
==28813==    by 0x11BE9579: XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/xpconnect/src/xpcwrappednative.cpp:2721
==28813==    by 0x11BF667F: XPC_WN_CallMethod(JSContext*, JSObject*, unsigned int, long*, long*) /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1740
==28813==    by 0x5353241: js_Invoke /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsinterp.cpp:1360
==28813==    by 0x534238D: js_Interpret /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsops.cpp:2240
==28813==    by 0x535328B: js_Invoke /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsinterp.cpp:1368
==28813==    by 0x5320DF8: js_fun_apply /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsfun.cpp:2046
==28813==    by 0x5342275: js_Interpret /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsops.cpp:2208
==28813==    by 0x535328B: js_Invoke /usr/local/google/home/cbiesinger/mozilla-1.9.2/js/src/jsinterp.cpp:1368
==28813==
(Assignee)

Comment 1

9 years ago
Created attachment 414517 [details] [diff] [review]
fix allocator and correct name to reduce confusion
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #414517 - Flags: review?(cbiesinger)
(Assignee)

Updated

9 years ago
Severity: normal → critical
Version: unspecified → Trunk
Attachment #414517 - Flags: review?(cbiesinger) → review+
Keywords: checkin-needed
http://hg.mozilla.org/mozilla-central/rev/6cae4ab0b622
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a1
(Assignee)

Updated

8 years ago
Duplicate of this bug: 631948
(Assignee)

Comment 4

8 years ago
Comment on attachment 414517 [details] [diff] [review]
fix allocator and correct name to reduce confusion

This isn't a very good thing to do and makes things messy for valgrind-firebug users. It's a safe and localized fix.
Attachment #414517 - Flags: approval1.9.2.15?
Attachment #414517 - Flags: approval1.9.1.18?
Comment on attachment 414517 [details] [diff] [review]
fix allocator and correct name to reduce confusion

Approved for 1.9.2.15 and 1.9.1.18, a=dveditz for release-drivers
Attachment #414517 - Flags: approval1.9.2.15?
Attachment #414517 - Flags: approval1.9.2.15+
Attachment #414517 - Flags: approval1.9.1.18?
Attachment #414517 - Flags: approval1.9.1.18+
Comment on attachment 414517 [details] [diff] [review]
fix allocator and correct name to reduce confusion

Missed the 1.9.2.16/1.9.1.18 code-freeze, removing approvals
Attachment #414517 - Flags: approval1.9.2.16-
Attachment #414517 - Flags: approval1.9.2.16+
Attachment #414517 - Flags: approval1.9.1.18-
Attachment #414517 - Flags: approval1.9.1.18+
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine
Product: Core → Core