Closed Bug 737412 Opened 8 years ago Closed 8 years ago

nsTHashtable and nsBaseHashtable memory reporter functions crash if given a null sizeOfEntryExcludingThis function


(Core :: XPCOM, defect)

Not set





(Reporter: jfkthame, Assigned: njn)




(2 files)

The comments in nsBaseHashtable.h and nsTHashtable.h imply that it would be OK to call SizeOfExcludingThis() with a null sizeOfEntryExcludingThis:
263    * Measure the size of the table's entry storage, and if
264    * |sizeOfEntryExcludingThis| is non-nsnull, measure the size of things pointed
265    * to by entries.

and similarly at

However, the s_SizeOfStub functions in those classes actually call the provided sizeOfEntryExcludingThis pointer *without* checking that it is non-null, and will therefore crash.
Attachment #607538 - Flags: review?(n.nethercote)
Attachment #607538 - Attachment is patch: true
Apologies for the false advertising!

Your patch works, but I'd rather handle the NULL case within SizeOfExcludingThis instead of in s_SizeOfStub, as the attached patch does.  IMHO it's easier to understand, and it doesn't result in unnecessary enumeration of the hash table in the NULL case.

(BTW, I've tested this lightly in a trunk build, but not with any code that passes in NULL.  I assume your patch in bug 688125 needs this?  Could you please test this patch with that patch?)
Attachment #607775 - Flags: review?(jfkthame)
Attachment #607538 - Flags: review?(n.nethercote) → review-
Comment on attachment 607775 [details] [diff] [review]
alternative patch

Review of attachment 607775 [details] [diff] [review]:

Looks fine. The second patch (forthcoming...) in bug 688125 will rely on this behavior, so I'll test it together with that, but I'm confident it'll work as required.
Attachment #607775 - Flags: review?(jfkthame) → review+
Blocks: 688125
One of the patches in this push caused winxp debug mochitests to perma-hang in test_memoryReporters.xul. Backed the entire push out.
Assignee: nobody → n.nethercote
I don't think this patch can be the culprit there, so I re-landed it:
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.