Closed Bug 798061 Opened 12 years ago Closed 12 years ago

Mismatched malloc vs delete[] in mozilla::gfx::AlphaBoxBlur::~AlphaBoxBlur()

Categories

(Core :: Graphics, defect)

ARM
Android
defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla18

People

(Reporter: jseward, Assigned: joe)

Details

(Keywords: valgrind)

Attachments

(1 file)

Seen on all Fennec startups on NexusS/ICS. Could be construed as a potential crasher in some configurations since the allocating and freeing DSOs are different (libc.so to allocate, libstdc++.so to deallocate.)

Mismatched free() / delete / delete []
   at 0x4805D28: operator delete[](void*) (vg_replace_malloc.c:527)
   by 0x3242E02F: mozilla::gfx::AlphaBoxBlur::~AlphaBoxBlur() (Blur.cpp:408)
   by 0x321FAB15: gfxAlphaBoxBlur::~gfxAlphaBoxBlur() (gfxBlur.cpp:23)
   by 0x319A8D39: nsTextFrame::PaintOneShadow(unsigned int, unsigned int, nsCSSShadowItem*, PropertyProvider*, nsRect const&, gfxPoint const&, gfxPoint const&, gfxContext*, unsigned int const&, nsCharClipDisplayItem::ClipEdges const&, int, gfxRect&) (nsCSSRendering.h:553)
   by 0x319A9BE1: nsTextFrame::PaintText(nsRenderingContext*, nsPoint, nsRect const&, nsCharClipDisplayItem const&, nsTextFrame::DrawPathCallbacks*) (nsTextFrameThebes.cpp:5885)
   by 0x319A9CA1: nsDisplayText::Paint(nsDisplayListBuilder*, nsRenderingContext*) (nsTextFrameThebes.cpp:4576)
   by 0x318F3C11: mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*) (FrameLayerBuilder.cpp:3238)
   by 0x3222F6FB: mozilla::layers::BasicTiledLayerBuffer::PaintThebes(mozilla::layers::BasicTiledThebesLayer*, nsIntRegion const&, nsIntRegion const&, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*) (BasicTiledThebesLayer.cpp:107)
   by 0x3222FB57: mozilla::layers::BasicTiledThebesLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicTiledThebesLayer.cpp:335)
   by 0x32226D9B: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (BasicLayerManager.cpp:813)
   by 0x32226241: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:920)
   by 0x32226D27: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (BasicLayerManager.cpp:828)
 Address 0x2850c458 is 0 bytes inside a block of size 5,920 alloc'd
   at 0x4807648: malloc (vg_replace_malloc.c:273)
   by 0x3242E4A3: mozilla::gfx::AlphaBoxBlur::AlphaBoxBlur(mozilla::gfx::Rect const&, mozilla::gfx::IntSize const&, mozilla::gfx::IntSize const&, mozilla::gfx::Rect const*, mozilla::gfx::Rect const*) (Blur.cpp:384)
   by 0x321FA9EB: gfxAlphaBoxBlur::Init(gfxRect const&, nsIntSize const&, nsIntSize const&, gfxRect const*, gfxRect const*) (gfxBlur.cpp:52)
   by 0x3190BCFD: nsContextBoxBlur::Init(nsRect const&, int, int, int, gfxContext*, nsRect const&, gfxRect const*, unsigned int) (nsCSSRendering.cpp:4552)
   by 0x319A8BB9: nsTextFrame::PaintOneShadow(unsigned int, unsigned int, nsCSSShadowItem*, PropertyProvider*, nsRect const&, gfxPoint const&, gfxPoint const&, gfxContext*, unsigned int const&, nsCharClipDisplayItem::ClipEdges const&, int, gfxRect&) (nsTextFrameThebes.cpp:5353)
   by 0x319A9BE1: nsTextFrame::PaintText(nsRenderingContext*, nsPoint, nsRect const&, nsCharClipDisplayItem const&, nsTextFrame::DrawPathCallbacks*) (nsTextFrameThebes.cpp:5885)
   by 0x319A9CA1: nsDisplayText::Paint(nsDisplayListBuilder*, nsRenderingContext*) (nsTextFrameThebes.cpp:4576)
   by 0x318F3C11: mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*) (FrameLayerBuilder.cpp:3238)
   by 0x3222F6FB: mozilla::layers::BasicTiledLayerBuffer::PaintThebes(mozilla::layers::BasicTiledThebesLayer*, nsIntRegion const&, nsIntRegion const&, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*) (BasicTiledThebesLayer.cpp:107)
   by 0x3222FB57: mozilla::layers::BasicTiledThebesLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicTiledThebesLayer.cpp:335)
   by 0x32226D9B: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (BasicLayerManager.cpp:813)
   by 0x32226241: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:920)

// same again (truncated), complained about by V's DSO consistency checker

Mismatched DSOs: allocated by libc.so.*, freed by libstdc++*
   at 0x4805D28: operator delete[](void*) (vg_replace_malloc.c:527)
   by 0x3242E02F: mozilla::gfx::AlphaBoxBlur::~AlphaBoxBlur() (Blur.cpp:408)
   [...]
 Address 0x2850c458 is 0 bytes inside a block of size 5,920 alloc'd
   at 0x4807648: malloc (vg_replace_malloc.c:273)
   by 0x3242E4A3: mozilla::gfx::AlphaBoxBlur::AlphaBoxBlur(mozilla::gfx::Rect
   [...]
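The defect class Valgrind reports above, shown beside one way to rule it out structurally. This is an added example, not the patch attached to this bug and not Mozilla code; MismatchedBuffer, BlurBuffer, FreeDeleter and outstanding_after are hypothetical names, and the counters exist only so the pairing can be checked without a memory tool.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <memory>
#include <type_traits>

// Counters stand in for a memory checker so the pairing can be asserted.
static int g_mallocs = 0, g_frees = 0;

// Shape of the defect in the report (hypothetical class, never instantiated):
// a malloc() block released with delete[] is undefined behaviour.
class MismatchedBuffer {
public:
    explicit MismatchedBuffer(std::size_t n)
        : mData(static_cast<unsigned char*>(std::malloc(n))) {}
    ~MismatchedBuffer() { delete[] mData; }  // BUG: wrong deallocator family
private:
    unsigned char* mData;
};

// Deleter that fixes the deallocator at the type level: always free().
struct FreeDeleter {
    void operator()(unsigned char* p) const noexcept {
        ++g_frees;
        std::free(p);
    }
};

// Hardened form: the owner cannot be destroyed with anything but free(),
// and unique_ptr removes the implicit copy that would double-free.
class BlurBuffer {
public:
    explicit BlurBuffer(std::size_t n)
        : mData(static_cast<unsigned char*>(std::malloc(n))) {
        if (mData) { ++g_mallocs; std::memset(mData.get(), 0, n); }
    }
    unsigned char* data() { return mData.get(); }
private:
    std::unique_ptr<unsigned char, FreeDeleter> mData;
};

// Builds and destroys `count` buffers; returns allocations still outstanding.
int outstanding_after(int count, std::size_t bytes) {
    for (int i = 0; i < count; ++i) {
        BlurBuffer b(bytes);
        if (b.data()) b.data()[0] = 0xff;
    }
    return g_mallocs - g_frees;
}
```

Running the hardened class under Valgrind or AddressSanitizer should produce no mismatched-deallocation report, because the only release path is free().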
Component: Graphics: Layers → Graphics
Attached patch fix
Assignee: nobody → joe
Attachment #668285 - Flags: review?(jmuizelaar)
Attachment #668285 - Flags: review?(jmuizelaar) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/9c483486bf39

Please make sure your patches contain all the needed commit information next time you request checkin. Makes life easier :)
Flags: in-testsuite-
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
(In reply to Ryan VanderMeulen from comment #2)
> https://hg.mozilla.org/integration/mozilla-inbound/rev/9c483486bf39
>
> Please make sure your patches contain all the needed commit information next
> time you request checkin. Makes life easier :)

I intended to check this in myself; Julian set checkin-needed and I didn't notice! :)