Open Bug 729469 Opened 13 years ago Updated 3 years ago

Thread leak in nsUrlClassifierDBService.cpp

Categories

(Toolkit :: Safe Browsing, defect, P3)

Product:
Toolkit
Component:
Safe Browsing
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
REOPENED

People

(Reporter: heikki, Unassigned)

Details

Working on an embedded system, we noticed a thread leak in nsUrlClassifierDBService.cpp near line 4165: // Start the background thread. rv = NS_NewThread(&gDbBackgroundThread); if (NS_FAILED(rv)) return rv; mWorker = new nsUrlClassifierDBServiceWorker(); if (!mWorker) return NS_ERROR_OUT_OF_MEMORY; rv = mWorker->Init(gethashNoise, mPrefixSet); if (NS_FAILED(rv)) { mWorker = nsnull; return rv; } If, for some reason, mWorker->Init() fails, mWorker is set to null, but the thread continues to exist. It will never be killed. This happened to us with problems with the profile path. This code seems to be run every time something is loaded from the net (not from local file), leaking several threads every time a new page is loaded. The fix is simple. Add the following after the line mWorker = nsnull; before the return: nsIThread *backgroundThread = gDbBackgroundThread; gDbBackgroundThread = nsnull; backgroundThread->Shutdown(); NS_RELEASE(backgroundThread); I am not 100% sure if the fix is correct, it is just copied from a place where the thread is shut down. Looks like there could be another leak in the case the new nsUrlClassifierDBServiceWorker() fails, but I have not seen that in practice, nor do I know what policy (if any) covers out-of-memory situations.
Summary: Thread leak in → Thread leak in nsUrlClassifierDBService.cpp
Gian-Carlo, dcamp, can you take a look please?
Status: UNCONFIRMED → NEW
Component: Embedding: APIs → Phishing Protection
Ever confirmed: true
Product: Core → Firefox
QA Contact: apis → phishing.protection
Version: 9 Branch → Trunk
Analysis and suggested fix look ok to me. Do you already have a patch?
The safest way to fix this would be to store the new thread in a local nsCOMPtr until all operations are successful: nsCOMPtr<nsIThread> backgroundThread; rv = NS_NewThread(getter_AddRefs(gDbBackgroundThread); ... rv = mWorker->Init(gethashNoise, mPrefixSet); ... backgroundThread.forget(&gDbBackgroundThread);
Although I guess that doesn't actually trigger Shutdown, which is pretty important.
(In reply to Josh Matthews [:jdm] from comment #4) > Although I guess that doesn't actually trigger Shutdown, which > is pretty important. It could be argued that if Init() fails, calling ShutDown() should not be necessary, or even desirable. But I don't know the code well enough to say, nor the coding conventions for such.
Product: Firefox → Toolkit
Priority: -- → P5
Priority: P5 → P3
Assignee: nobody → tnguyen
Assignee: tnguyen → nobody
Henry has overhauled this code recently so this leak may now be fixed.
Flags: needinfo?(hchang)
I didn't make any change to gDbBackgroundThread. Instead, the new thread I introduced is in Classifier [1]. [1] http://searchfox.org/mozilla-central/rev/abe68d5dad139e376d5521ca1d4b7892e1e7f1ba/toolkit/components/url-classifier/Classifier.h#229
Flags: needinfo?(hchang)
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INACTIVE
Status: RESOLVED → REOPENED
Resolution: INACTIVE → ---
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.