Closed
Bug 657530
Opened 14 years ago
Closed 14 years ago
Memory leak in Array::sort() if getUintProperty (etc) throw exceptions
Categories
(Tamarin Graveyard :: Virtual Machine, defect)
Tamarin Graveyard
Virtual Machine
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: stejohns, Assigned: stejohns)
Details
Attachments
(1 file)
2.31 KB,
patch
|
rreitmai
:
review+
|
Details | Diff | Splinter Review |
Addition of testcases for Bug 654807 have revealed a latent memory leak in Array.sort: if getUintProperty() calls on the array throw exceptions, ArraySort's dtor is never run, which leaks the "index" array (allocated via mmfx). A minor leak in a weird situation, but generates asserts in debug runs.
Assignee | ||
Comment 1•14 years ago
|
||
(Side note: ArraySort is a horrific wart; everything runs in the ctor, and the result is via an out-arg -- why it isn't just a normal static function is beyond me, but rewriting it is definitely scope creep...)
Assignee | ||
Comment 2•14 years ago
|
||
A bit of a quick-n-dirty fix: use VMPI_alloca instead of mmfx. (Alternately, we could use GCAlloc, but we want to get away from that... or we could use DataList, but that would necessitate other changes to this code... or we could wrap the ArraySort in TRY/CATCH, but this is an extremely degenerate failure case so it seems like a waste)
Assignee: nobody → stejohns
Attachment #532810 -
Flags: review?(lhansen)
Comment 3•14 years ago
|
||
Comment on attachment 532810 [details] [diff] [review]
Patch
Feedback:
// new class[n] compiles into code which tries to allocate n * sizeof(class).
// unfortunately, the generated assembly does not protect against this product overflowing int.
// So I limit the length -- for larger values, I expect new will fail anyways.
if ((len > 0) && (len < (0x10000000)))
The comment text would no longer apply with your change to use CheckForCallocSizeOverflow now, right?
On the other hand, I don't think the inputs to CheckForCallocSizeOverflow here will ever actually overflow given this if-guard.
I'm guessing we are stuck with the if-guard as it is.
But the disconnect between what the comment says and what lies beneath makes the code confusing; you should change the comment so that its clear that the if-guard is now a historical artifact.
Comment 4•14 years ago
|
||
(In reply to comment #3)
> Comment on attachment 532810 [details] [diff] [review] [review]
> Patch
>
> Feedback:
>
> // new class[n] compiles into code which tries to allocate n *
> sizeof(class).
> // unfortunately, the generated assembly does not protect against
> this product overflowing int.
> // So I limit the length -- for larger values, I expect new will
> fail anyways.
> if ((len > 0) && (len < (0x10000000)))
>
> The comment text would no longer apply with your change to use
> CheckForCallocSizeOverflow now, right?
Actually that comment is not talking about the index array allocation. Your change is probably leaving the net amount of confusion in the code unchanged. So changing the comment should not block pushing this.
Assignee | ||
Comment 5•14 years ago
|
||
Comment on attachment 532810 [details] [diff] [review]
Patch
switching to Edwin as Lars is OOO today
Attachment #532810 -
Flags: review?(lhansen) → review?(edwsmith)
Assignee | ||
Comment 6•14 years ago
|
||
Yeah, the comment is definitely a monkey-hack from some primordial committer; that said, we're probably safer to stick with it. Will update the comment though.
Comment 7•14 years ago
|
||
IMO the new comment should not be inserted into ArraySort::~ArraySort, it does not contribute anything except confusion, unless you're prepared to make it a requirement that anyplace we use VMPI_alloc we have to add similar comments. Instead, the appropriate place to add a comment is to the definition of ArraySort, where it is already required that ArraySort be stack-allocated because it uses VMPI_alloca for temporary data.
Otherwise no objections from me (but R? is not to me any longer :-)
Assignee | ||
Comment 8•14 years ago
|
||
Comment on attachment 532810 [details] [diff] [review]
Patch
OK then, back to Lars, since Edwin is dragging his heels...
Attachment #532810 -
Flags: review?(edwsmith) → review?(lhansen)
Comment 9•14 years ago
|
||
Comment on attachment 532810 [details] [diff] [review]
Patch
steal review and r+
Attachment #532810 -
Flags: review?(lhansen) → review+
Assignee | ||
Comment 10•14 years ago
|
||
TR 6315:e5b85a0b655e
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•