We use moz_xmalloc (which maps to je_malloc on jemalloc-enabled builds) to allocate mGIFStruct.local_colormap, and then we free it using PR_FREEIF, which maps to PRFree, which in turn maps to stdlib's free. This means that we allocate memory from one heap and try to free it on another. If we're lucky, this means that we're leaking. If we're not lucky, it means that we're crashing, or corrupting arbitrary memory, or worse.
This should block 2.0, and also branches if we do the same thing there as well.
blocking2.0: --- → ?
This is a regression from http://hg.mozilla.org/mozilla-central/rev/389e836517bc (bug 514033), so I guess it is not applicable to branches.
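The allocate-on-one-heap, free-on-another pattern from the report, as an added example that is not part of the bug or of the Mozilla code. Two hypothetical heap ids stand in for the jemalloc-backed and C library allocators, and each block carries an owner tag so that a free through the wrong heap is rejected before it reaches the underlying allocator; `heap_alloc`, `heap_free` and `release_colormap_demo` are illustrative names, and the colormap size is a constructed value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical ids for the two heaps in the report (jemalloc-backed vs. C library). */
enum heap_id { HEAP_A = 0x4a454d41, HEAP_B = 0x4c494243 };

/* Header placed in front of every block; the padding members keep the payload aligned. */
typedef union hdr {
    enum heap_id owner;
    long double pad_ld; long long pad_ll; void *pad_p;
} hdr_t;

/* Allocate n bytes and record which heap owns the block. */
static void *heap_alloc(enum heap_id heap, size_t n) {
    if (n > SIZE_MAX - sizeof(hdr_t)) return NULL;   /* size overflow guard */
    hdr_t *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->owner = heap;
    return h + 1;
}

/* Free p through `heap`. Returns 0 on success, -1 if the block was allocated
 * by a different heap; on mismatch the block is left untouched. */
static int heap_free(enum heap_id heap, void *p) {
    if (!p) return 0;
    hdr_t *h = (hdr_t *)p - 1;
    if (h->owner != heap) return -1;
    free(h);
    return 0;
}

/* Models the reported pattern: the colormap comes from heap A and is first
 * released through heap B's free, then through the matching one. */
static int release_colormap_demo(void) {
    unsigned char *colormap = heap_alloc(HEAP_A, 3 * 256);  /* constructed size */
    if (!colormap) return -2;
    int wrong = heap_free(HEAP_B, colormap);   /* mismatched pair: rejected */
    int right = heap_free(HEAP_A, colormap);   /* matching pair: released */
    return (wrong == -1 && right == 0) ? 0 : -1;
}

int main(void) {
    printf("mismatch rejected, matching free succeeded: %s\n",
           release_colormap_demo() == 0 ? "yes" : "no");
    return 0;
}
```

Real allocators perform no such ownership check, which is why the mismatched free in the report can leak, crash or corrupt memory.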
Attachment #483280 - Flags: review?(joe) → review+
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Whiteboard: [needs landing]
Target Milestone: --- → mozilla2.0b8
Target Milestone: mozilla2.0b8 → mozilla2.0b7