Closed Bug 777083 Opened 10 years ago Closed 10 years ago

ScriptSource::createFromSource leaks when ownSource is true

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

Tracking


RESOLVED FIXED
mozilla17

People

(Reporter: Benjamin, Unassigned)

Details

Attachments

(1 file)

Attached patch plug leak
When ownSource is true, we simply set data.source to the source passed to createFromSource. However, we also unconditionally allocate a buffer for the compressed string, which we never use with ownSource. This means we leak an entire JS file anytime anyone calls chrome toSource. Oops.
Attachment #645510 - Flags: review?(luke)
I see two callers of createFromSource, the one that passes 'true' and one that passes 'false', but then unconditionally frees 'source'.  Could createFromSource always take ownership (even when it fails), allowing us to remove the parameter?
(In reply to Luke Wagner [:luke] from comment #1)
> I see two callers of createFromSource, the one that passes 'true' and one
> that passes 'false', but then unconditionally frees 'source'.  Could
> createFromSource always take ownership (even when it fails), allowing us to
> remove the parameter?

The main usage is in frontend/BytecodeCompiler.cpp. In those cases, we really do need to copy. The GlobalObject.cpp case is a weird one written before the ownSource parameter. It could use that now, actually.
Attachment #645510 - Flags: review?(luke) → review+
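The following is an added illustration of the defect discussed in this bug; it is not SpiderMonkey code and not the attached patch. It reduces the ownership bug from comment 0 to a small model: a factory with an ownSource flag that allocates the buffer for the compressed copy before deciding whether the ownSource path needs one, next to a variant that allocates only on the copy path. The names ScriptSource, createFromSource, ownSource and data.source come from the report; the struct layout, the Buffer type, the live-object counter and the shape of the fix are assumptions made for the example. The round-trip helper mirrors the two caller conventions comment 1 describes (one passes true and hands the text over, the other passes false and frees the text itself).

```cpp
// Added illustration for this bug report; not the SpiderMonkey code and not
// the attached patch. Models the ownership bug from comment 0 in reduced
// form. Names follow the report; the ScriptSource layout, Buffer type, live
// counter and the shape of the fix are assumptions.
#include <cstddef>
#include <cstring>
#include <iostream>
#include <vector>

// Constructed instrumentation: counts Buffer objects currently alive so a
// caller can observe whether a create/destroy round trip left one behind.
static int g_liveBuffers = 0;

struct Buffer {
    std::vector<char> bytes;
    explicit Buffer(std::size_t n) : bytes(n) { ++g_liveBuffers; }
    ~Buffer() { --g_liveBuffers; }
};

// Reduced stand-in for ScriptSource: either owns the caller's source text
// directly (ownSource path) or keeps its own copy in 'compressed'.
struct ScriptSource {
    const char* source = nullptr;   // the report's data.source
    bool ownsSource = false;
    Buffer* compressed = nullptr;
    ~ScriptSource() {
        if (ownsSource) delete[] source;
        delete compressed;
    }
};

// Before the fix, as comment 0 describes it: the buffer for the compressed
// copy is allocated unconditionally, but the ownSource path never stores or
// frees it, so one source-sized buffer leaks per call.
static ScriptSource* createFromSourceBuggy(const char* src, std::size_t len, bool ownSource) {
    Buffer* compressed = new Buffer(len);
    ScriptSource* ss = new ScriptSource();
    if (ownSource) {
        ss->source = src;
        ss->ownsSource = true;
        return ss;                  // 'compressed' is dropped here: the leak
    }
    std::memcpy(compressed->bytes.data(), src, len);  // stands in for compression
    ss->compressed = compressed;
    return ss;
}

// After the fix (assumed shape; the real change is in the attached patch):
// decide who owns the text first, and allocate only on the copy path.
static ScriptSource* createFromSourceFixed(const char* src, std::size_t len, bool ownSource) {
    ScriptSource* ss = new ScriptSource();
    if (ownSource) {
        ss->source = src;
        ss->ownsSource = true;
        return ss;
    }
    Buffer* compressed = new Buffer(len);
    std::memcpy(compressed->bytes.data(), src, len);
    ss->compressed = compressed;
    return ss;
}

using Factory = ScriptSource* (*)(const char*, std::size_t, bool);

// Runs one create/destroy round trip through 'factory' and reports how many
// Buffer objects it left alive (0 means no leak). The source text is a
// constructed sample; the caller frees it itself only on the copy path,
// matching the two call sites comment 1 describes.
static int leakedBuffersAfterRoundTrip(Factory factory, bool ownSource) {
    const int before = g_liveBuffers;
    const char* text = "function f() { return 1; }";
    const std::size_t len = std::strlen(text);
    char* owned = new char[len + 1];
    std::memcpy(owned, text, len + 1);

    ScriptSource* ss = factory(owned, len, ownSource);
    if (!ownSource)
        delete[] owned;   // factory copied; caller keeps ownership of 'owned'
    delete ss;            // ownSource path: the destructor frees 'owned' instead
    return g_liveBuffers - before;
}

int main() {
    std::cout << "buggy, ownSource=true : leaked "
              << leakedBuffersAfterRoundTrip(createFromSourceBuggy, true) << '\n';
    std::cout << "buggy, ownSource=false: leaked "
              << leakedBuffersAfterRoundTrip(createFromSourceBuggy, false) << '\n';
    std::cout << "fixed, ownSource=true : leaked "
              << leakedBuffersAfterRoundTrip(createFromSourceFixed, true) << '\n';
    std::cout << "fixed, ownSource=false: leaked "
              << leakedBuffersAfterRoundTrip(createFromSourceFixed, false) << '\n';
    return 0;
}
```

The counter is what makes the leak visible without a heap checker: the buggy factory leaves exactly one Buffer alive per ownSource=true call, which is the per-file leak comment 0 reports, while both paths of the fixed factory return the count to zero. The same instrumentation idea (a live-object count around a create/destroy cycle) is a cheap regression check for any factory that has more than one ownership mode.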
https://hg.mozilla.org/mozilla-central/rev/a338900cf0af
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla17