Closed Bug 737412 Opened 13 years ago Closed 13 years ago

nsTHashtable and nsBaseHashtable memory reporter functions crash if given a null sizeOfEntryExcludingThis function

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla14

People

(Reporter: jfkthame, Assigned: n.nethercote)

References

Details

Attachments

(2 files)

patch, check the user function pointer for null
1.59 KB, patch
n.nethercote
: review-
Details | Diff | Splinter Review
alternative patch
2.61 KB, patch
jfkthame
: review+
Details | Diff | Splinter Review
The comments in nsBaseHashtable.h and nsTHashtable.h imply that it would be OK to call SizeOfExcludingThis() with a null sizeOfEntryExcludingThis: http://mxr.mozilla.org/mozilla-central/source/xpcom/glue/nsBaseHashtable.h#263 263 * Measure the size of the table's entry storage, and if 264 * |sizeOfEntryExcludingThis| is non-nsnull, measure the size of things pointed 265 * to by entries. and similarly at http://mxr.mozilla.org/mozilla-central/source/xpcom/glue/nsTHashtable.h#277. However, the s_SizeOfStub functions in those classes actually call the provided sizeOfEntryExcludingThis pointer *without* checking that it is non-null, and will therefore crash.
Attachment #607538 - Flags: review?(n.nethercote)
Attachment #607538 - Attachment is patch: true
Apologies for the false advertising! Your patch works, but I'd rather handle the NULL case within SizeOfExcludingThis instead of in s_SizeOfStub, as the attached patch does. IMHO it's easier to understand, and it doesn't result in unnecessary enumeration of the hash table in the NULL case. (BTW, I've tested this lightly in a trunk build, but not with any code that passes in NULL. I assume your patch in bug 688125 needs this? Could you please test this patch with that patch?)
Attachment #607775 - Flags: review?(jfkthame)
Attachment #607538 - Flags: review?(n.nethercote) → review-
Comment on attachment 607775 [details] [diff] [review] alternative patch Review of attachment 607775 [details] [diff] [review]: ----------------------------------------------------------------- Looks fine. The second patch (forthcoming...) in bug 688125 will rely on this behavior, so I'll test it together with that, but I'm confident it'll work as required.
Attachment #607775 - Flags: review?(jfkthame) → review+
Blocks: 688125
One of the patches in this push caused winxp debug mochitests to perma-hang in test_memoryReporters.xul. Backed the entire push out. https://hg.mozilla.org/integration/mozilla-inbound/rev/d0dfb71a2df9
Assignee: nobody → n.nethercote
I don't think this patch can be the culprit there, so I re-landed it: https://hg.mozilla.org/integration/mozilla-inbound/rev/220f36e7f9f7
https://hg.mozilla.org/mozilla-central/rev/220f36e7f9f7
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: