Closed Bug 737412 Opened 8 years ago Closed 8 years ago

nsTHashtable and nsBaseHashtable memory reporter functions crash if given a null sizeOfEntryExcludingThis function

Categories

(Core :: XPCOM, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla14

People

(Reporter: jfkthame, Assigned: njn)

References

Details

Attachments

(2 files)

The comments in nsBaseHashtable.h and nsTHashtable.h imply that it would be OK to call SizeOfExcludingThis() with a null sizeOfEntryExcludingThis:

http://mxr.mozilla.org/mozilla-central/source/xpcom/glue/nsBaseHashtable.h#263
263    * Measure the size of the table's entry storage, and if
264    * |sizeOfEntryExcludingThis| is non-nsnull, measure the size of things pointed
265    * to by entries.

and similarly at http://mxr.mozilla.org/mozilla-central/source/xpcom/glue/nsTHashtable.h#277.

However, the s_SizeOfStub functions in those classes actually call the provided sizeOfEntryExcludingThis pointer *without* checking that it is non-null, and will therefore crash.
Attachment #607538 - Flags: review?(n.nethercote)
Attachment #607538 - Attachment is patch: true
Apologies for the false advertising!

Your patch works, but I'd rather handle the NULL case within SizeOfExcludingThis instead of in s_SizeOfStub, as the attached patch does.  IMHO it's easier to understand, and it doesn't result in unnecessary enumeration of the hash table in the NULL case.

(BTW, I've tested this lightly in a trunk build, but not with any code that passes in NULL.  I assume your patch in bug 688125 needs this?  Could you please test this patch with that patch?)
Attachment #607775 - Flags: review?(jfkthame)
Attachment #607538 - Flags: review?(n.nethercote) → review-
Comment on attachment 607775 [details] [diff] [review]
alternative patch

Review of attachment 607775 [details] [diff] [review]:
-----------------------------------------------------------------

Looks fine. The second patch (forthcoming...) in bug 688125 will rely on this behavior, so I'll test it together with that, but I'm confident it'll work as required.
Attachment #607775 - Flags: review?(jfkthame) → review+
Blocks: 688125
One of the patches in this push caused winxp debug mochitests to perma-hang in test_memoryReporters.xul. Backed the entire push out.
https://hg.mozilla.org/integration/mozilla-inbound/rev/d0dfb71a2df9
Assignee: nobody → n.nethercote
I don't think this patch can be the culprit there, so I re-landed it:
https://hg.mozilla.org/integration/mozilla-inbound/rev/220f36e7f9f7
https://hg.mozilla.org/mozilla-central/rev/220f36e7f9f7
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.