Closed Bug 737573 Opened 13 years ago Closed 13 years ago

Valgrind detects leak at Malloc, js::SaveScriptFilename (8 bytes in 1 blocks are definitely lost)

Categories

(Core :: JavaScript Engine, defect)

x86_64
Linux
defect
Not set
critical

Tracking


RESOLVED FIXED
mozilla14

People

(Reporter: gkw, Assigned: billm)

Details

(Keywords: testcase, valgrind, Whiteboard: js-triage-done)

Attachments

(1 file)

function a(b) {
  f = Function("\
    c = ArrayBuffer();\
    Object.seal(this);\
    c.toSource = (function(){ gc() });\
    <x/> ? '' : \"\"\
  ")
  try {
    evalcx(b, newGlobal("new-compartment"))
  } catch (e) {};
  f()
}
a();

throws up a Valgrind error in js debug shell on m-c changeset c22568c8cf0e with -m.

==23137== 8 bytes in 1 blocks are definitely lost in loss record 1 of 3
==23137==    at 0x4C29313: malloc (vg_replace_malloc.c:263)
==23137==    by 0x506A0E: js::SaveScriptFilename(JSContext*, char const*) (Utility.h:173)
==23137==    by 0x50827F: JSScript::NewScriptFromEmitter(JSContext*, js::BytecodeEmitter*) (jsscript.cpp:1196)
==23137==    by 0x586B0B: js::frontend::CompileScript(JSContext*, JSObject*, js::StackFrame*, JSPrincipals*, JSPrincipals*, unsigned int, unsigned short const*, unsigned long, char const*, unsigned int, JSVersion, JSString*, unsigned int) (BytecodeCompiler.cpp:327)
==23137==    by 0x419D09: JS_EvaluateUCScriptForPrincipals (jsapi.cpp:5260)
==23137==    by 0x419F64: JS_EvaluateUCScript (jsapi.cpp:5311)
==23137==    by 0x4055BD: EvalInContext(JSContext*, unsigned int, JS::Value*) (js.cpp:2683)
==23137==    by 0x49FB20: js::InvokeKernel(JSContext*, js::CallArgs, js::MaybeConstruct) (jscntxtinlines.h:314)
==23137==    by 0x4999C4: js::Interpret(JSContext*, js::StackFrame*, js::InterpMode) (jsinterp.cpp:2685)
==23137==    by 0x4A0680: js::Execute(JSContext*, JSScript*, JSObject&, JS::Value*) (jsinterp.cpp:667)
==23137==    by 0x41A67A: JS_ExecuteScript (jsapi.cpp:5232)
==23137==    by 0x409015: Process(JSContext*, JSObject*, char const*, bool) (js.cpp:581)
I used:

valgrind --leak-check=full --smc-check=all-non-file ./js -m testcase.js

Tested in 64-bit shell in Ubuntu.
This looks like a bug reported earlier for script filenames that I couldn't reproduce. This one does reproduce for me.
Assignee: general → wmccloskey
Not sure if it's related to bug 668095 (which merely added the -m flag, possibly): autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   73054:b1923b866d6a
user:        Chris Leary
date:        Tue Jul 19 16:37:09 2011 -0700
summary:     Bug 668095 - Write a proper option parser for SpiderMonkey CLI. (r=dvander)
Attached patch: fix
Here's what happened:
- gcKeepAtoms was set
- We did a GC and swept all the objects in a compartment
- We deleted the compartment

Since js_SweepScriptFilenames saves filenames when gcKeepAtoms is true, we leaked the script filename in this case.
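A toy model of the ordering described in the comment above, added here as an illustration and not SpiderMonkey's own code: a compartment owns a table of saved filenames, a sweep spares every entry while a keep-atoms flag is set, and teardown that relies on the sweep having emptied the table leaks those entries. The names (save_script_filename, sweep_filenames, the two destroy variants) are hypothetical stand-ins, and a live-allocation counter replaces Valgrind so the leak can be observed without it.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical model (added example, not SpiderMonkey code). The counter
   tracks blocks still allocated so a leak is visible without Valgrind. */
static int live_allocs = 0;

typedef struct Filename {
    char *name;
    int marked;               /* set by the collector when a script still uses it */
    struct Filename *next;
} Filename;

typedef struct Compartment {
    Filename *filenames;      /* owned by the compartment */
} Compartment;

static char *dup_name(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) { memcpy(p, s, n); live_allocs++; }
    return p;
}

static void free_entry(Filename *f) {
    free(f->name); live_allocs--;
    free(f);       live_allocs--;
}

/* Model of SaveScriptFilename: store a heap copy in the compartment's table. */
int save_script_filename(Compartment *c, const char *name) {
    Filename *f = malloc(sizeof *f);
    if (!f) return 0;
    f->name = dup_name(name);
    if (!f->name) { free(f); return 0; }
    live_allocs++;
    f->marked = 0;
    f->next = c->filenames;
    c->filenames = f;
    return 1;
}

/* Model of the sweep: unmarked entries are released, except that when
   keep_atoms is set every entry survives (the gcKeepAtoms case). */
void sweep_filenames(Compartment *c, int keep_atoms) {
    Filename **link = &c->filenames;
    while (*link) {
        Filename *f = *link;
        if (keep_atoms || f->marked) {
            f->marked = 0;
            link = &f->next;
        } else {
            *link = f->next;
            free_entry(f);
        }
    }
}

/* Buggy teardown: assumes the preceding sweep emptied the table, so entries
   spared because of keep_atoms are simply dropped ("definitely lost"). */
void destroy_compartment_buggy(Compartment *c) {
    c->filenames = NULL;
}

/* Fixed teardown: release whatever the sweep left behind, unconditionally. */
void destroy_compartment_fixed(Compartment *c) {
    while (c->filenames) {
        Filename *f = c->filenames;
        c->filenames = f->next;
        free_entry(f);
    }
}

/* Runs the bug's sequence: keep flag, sweep, delete compartment.
   Returns the number of blocks still live afterwards (0 means no leak). */
int run_scenario(int keep_atoms, int use_fixed_teardown) {
    Compartment c = { NULL };
    live_allocs = 0;
    save_script_filename(&c, "testcase.js");   /* constructed sample names */
    save_script_filename(&c, "prelude.js");
    sweep_filenames(&c, keep_atoms);           /* nothing marked: only keep_atoms spares them */
    if (use_fixed_teardown) destroy_compartment_fixed(&c);
    else destroy_compartment_buggy(&c);
    return live_allocs;
}

int main(void) {
    printf("keepAtoms + buggy teardown: %d blocks leaked\n", run_scenario(1, 0));
    printf("keepAtoms + fixed teardown: %d blocks leaked\n", run_scenario(1, 1));
    printf("no keepAtoms + buggy teardown: %d blocks leaked\n", run_scenario(0, 0));
    return 0;
}
```

Each saved filename costs two blocks (the entry and its string copy), so the buggy path reports four leaked blocks when keep_atoms is set; without the flag the sweep frees everything and the weak teardown happens to be harmless, which is why the leak only shows up under the specific ordering the comment lists.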
Attachment #607752 - Flags: review?(igor)
Whiteboard: js-triage-needed → js-triage-done
Attachment #607752 - Flags: review?(igor) → review+
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED