Closed Bug 657530 Opened 14 years ago Closed 14 years ago

Memory leak in Array::sort() if getUintProperty (etc) throw exceptions

Categories

(Tamarin Graveyard :: Virtual Machine, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: stejohns, Assigned: stejohns)

Details

Attachments

(1 file)

Addition of testcases for Bug 654807 have revealed a latent memory leak in Array.sort: if getUintProperty() calls on the array throw exceptions, ArraySort's dtor is never run, which leaks the "index" array (allocated via mmfx). A minor leak in a weird situation, but generates asserts in debug runs.
(Side note: ArraySort is a horrific wart; everything runs in the ctor, and the result is via an out-arg -- why it isn't just a normal static function is beyond me, but rewriting it is definitely scope creep...)
Attached patch PatchSplinter Review
A bit of a quick-n-dirty fix: use VMPI_alloca instead of mmfx. (Alternately, we could use GCAlloc, but we want to get away from that... or we could use DataList, but that would necessitate other changes to this code... or we could wrap the ArraySort in TRY/CATCH, but this is an extremely degenerate failure case so it seems like a waste)
Assignee: nobody → stejohns
Attachment #532810 - Flags: review?(lhansen)
Comment on attachment 532810 [details] [diff] [review] Patch Feedback: // new class[n] compiles into code which tries to allocate n * sizeof(class). // unfortunately, the generated assembly does not protect against this product overflowing int. // So I limit the length -- for larger values, I expect new will fail anyways. if ((len > 0) && (len < (0x10000000))) The comment text would no longer apply with your change to use CheckForCallocSizeOverflow now, right? On the other hand, I don't think the inputs to CheckForCallocSizeOverflow here will ever actually overflow given this if-guard. I'm guessing we are stuck with the if-guard as it is. But the disconnect between what the comment says and what lies beneath makes the code confusing; you should change the comment so that its clear that the if-guard is now a historical artifact.
(In reply to comment #3) > Comment on attachment 532810 [details] [diff] [review] [review] > Patch > > Feedback: > > // new class[n] compiles into code which tries to allocate n * > sizeof(class). > // unfortunately, the generated assembly does not protect against > this product overflowing int. > // So I limit the length -- for larger values, I expect new will > fail anyways. > if ((len > 0) && (len < (0x10000000))) > > The comment text would no longer apply with your change to use > CheckForCallocSizeOverflow now, right? Actually that comment is not talking about the index array allocation. Your change is probably leaving the net amount of confusion in the code unchanged. So changing the comment should not block pushing this.
Comment on attachment 532810 [details] [diff] [review] Patch switching to Edwin as Lars is OOO today
Attachment #532810 - Flags: review?(lhansen) → review?(edwsmith)
Yeah, the comment is definitely a monkey-hack from some primordial committer; that said, we're probably safer to stick with it. Will update the comment though.
IMO the new comment should not be inserted into ArraySort::~ArraySort, it does not contribute anything except confusion, unless you're prepared to make it a requirement that anyplace we use VMPI_alloc we have to add similar comments. Instead, the appropriate place to add a comment is to the definition of ArraySort, where it is already required that ArraySort be stack-allocated because it uses VMPI_alloca for temporary data. Otherwise no objections from me (but R? is not to me any longer :-)
Comment on attachment 532810 [details] [diff] [review] Patch OK then, back to Lars, since Edwin is dragging his heels...
Attachment #532810 - Flags: review?(edwsmith) → review?(lhansen)
Comment on attachment 532810 [details] [diff] [review] Patch steal review and r+
Attachment #532810 - Flags: review?(lhansen) → review+
TR 6315:e5b85a0b655e
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: