Bug 798061 (Closed): Mismatched malloc vs delete[] in mozilla::gfx::AlphaBoxBlur::~AlphaBoxBlur()
Opened 12 years ago, closed 12 years ago
Categories: Core :: Graphics, defect
Tracking: RESOLVED FIXED, mozilla18
People: Reporter: jseward, Assigned: joe
Keywords: valgrind
Attachments (1 file): 422 bytes, patch; jrmuizel: review+

Seen on all Fennec startups on NexusS/ICS. Could be construed as a
potential crasher in some configurations since the allocating and
freeing DSOs are different (libc.so to allocate, libstdc++.so to
deallocate.)
Mismatched free() / delete / delete []
at 0x4805D28: operator delete[](void*) (vg_replace_malloc.c:527)
by 0x3242E02F: mozilla::gfx::AlphaBoxBlur::~AlphaBoxBlur() (Blur.cpp:408)
by 0x321FAB15: gfxAlphaBoxBlur::~gfxAlphaBoxBlur() (gfxBlur.cpp:23)
by 0x319A8D39: nsTextFrame::PaintOneShadow(unsigned int, unsigned int, nsCSSShadowItem*, PropertyProvider*, nsRect const&, gfxPoint const&, gfxPoint const&, gfxContext*, unsigned int const&, nsCharClipDisplayItem::ClipEdges const&, int, gfxRect&) (nsCSSRendering.h:553)
by 0x319A9BE1: nsTextFrame::PaintText(nsRenderingContext*, nsPoint, nsRect const&, nsCharClipDisplayItem const&, nsTextFrame::DrawPathCallbacks*) (nsTextFrameThebes.cpp:5885)
by 0x319A9CA1: nsDisplayText::Paint(nsDisplayListBuilder*, nsRenderingContext*) (nsTextFrameThebes.cpp:4576)
by 0x318F3C11: mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*) (FrameLayerBuilder.cpp:3238)
by 0x3222F6FB: mozilla::layers::BasicTiledLayerBuffer::PaintThebes(mozilla::layers::BasicTiledThebesLayer*, nsIntRegion const&, nsIntRegion const&, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*) (BasicTiledThebesLayer.cpp:107)
by 0x3222FB57: mozilla::layers::BasicTiledThebesLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicTiledThebesLayer.cpp:335)
by 0x32226D9B: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (BasicLayerManager.cpp:813)
by 0x32226241: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:920)
by 0x32226D27: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (BasicLayerManager.cpp:828)
Address 0x2850c458 is 0 bytes inside a block of size 5,920 alloc'd
at 0x4807648: malloc (vg_replace_malloc.c:273)
by 0x3242E4A3: mozilla::gfx::AlphaBoxBlur::AlphaBoxBlur(mozilla::gfx::Rect const&, mozilla::gfx::IntSize const&, mozilla::gfx::IntSize const&, mozilla::gfx::Rect const*, mozilla::gfx::Rect const*) (Blur.cpp:384)
by 0x321FA9EB: gfxAlphaBoxBlur::Init(gfxRect const&, nsIntSize const&, nsIntSize const&, gfxRect const*, gfxRect const*) (gfxBlur.cpp:52)
by 0x3190BCFD: nsContextBoxBlur::Init(nsRect const&, int, int, int, gfxContext*, nsRect const&, gfxRect const*, unsigned int) (nsCSSRendering.cpp:4552)
by 0x319A8BB9: nsTextFrame::PaintOneShadow(unsigned int, unsigned int, nsCSSShadowItem*, PropertyProvider*, nsRect const&, gfxPoint const&, gfxPoint const&, gfxContext*, unsigned int const&, nsCharClipDisplayItem::ClipEdges const&, int, gfxRect&) (nsTextFrameThebes.cpp:5353)
by 0x319A9BE1: nsTextFrame::PaintText(nsRenderingContext*, nsPoint, nsRect const&, nsCharClipDisplayItem const&, nsTextFrame::DrawPathCallbacks*) (nsTextFrameThebes.cpp:5885)
by 0x319A9CA1: nsDisplayText::Paint(nsDisplayListBuilder*, nsRenderingContext*) (nsTextFrameThebes.cpp:4576)
by 0x318F3C11: mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*) (FrameLayerBuilder.cpp:3238)
by 0x3222F6FB: mozilla::layers::BasicTiledLayerBuffer::PaintThebes(mozilla::layers::BasicTiledThebesLayer*, nsIntRegion const&, nsIntRegion const&, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*) (BasicTiledThebesLayer.cpp:107)
by 0x3222FB57: mozilla::layers::BasicTiledThebesLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicTiledThebesLayer.cpp:335)
by 0x32226D9B: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (BasicLayerManager.cpp:813)
by 0x32226241: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:920)
// same again (truncated), complained about by V's DSO consistency checker
Mismatched DSOs: allocated by libc.so.*, freed by libstdc++*
at 0x4805D28: operator delete[](void*) (vg_replace_malloc.c:527)
by 0x3242E02F: mozilla::gfx::AlphaBoxBlur::~AlphaBoxBlur() (Blur.cpp:408)
[...]
Address 0x2850c458 is 0 bytes inside a block of size 5,920 alloc'd
at 0x4807648: malloc (vg_replace_malloc.c:273)
by 0x3242E4A3: mozilla::gfx::AlphaBoxBlur::AlphaBoxBlur(mozilla::gfx::Rect
[...]
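
An added illustration of the defect class reported above, not code from this bug's patch (which the page does not show) or from Mozilla: a small ledger that flags a release whose allocator family differs from the allocation's, as the Valgrind check does, next to an owner whose deleter pins malloc() to free(). AllocLedger, FreeDeleter, ScratchBuffer and PairingMatches are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <memory>
#include <unordered_map>

// Allocation families, as a mismatch checker distinguishes them.
enum class Family { Malloc, New, NewArray };

// Minimal ledger: remembers which family produced each live block and
// reports whether the releasing call belongs to the same family.
class AllocLedger {
 public:
  void OnAlloc(const void* p, Family f) { live_[p] = f; }
  bool OnRelease(const void* p, Family f) {
    auto it = live_.find(p);
    if (it == live_.end()) return false;  // unknown block or double release
    const bool matched = (it->second == f);
    live_.erase(it);
    return matched;
  }
 private:
  std::unordered_map<const void*, Family> live_;
};

// Deleter that ties a malloc() block to free(); the owner never names a
// deallocator itself, so delete[] cannot be applied by accident.
struct FreeDeleter {
  void operator()(void* p) const noexcept { std::free(p); }
};

// Hypothetical stand-in for a blur scratch buffer (not Mozilla's class).
class ScratchBuffer {
 public:
  explicit ScratchBuffer(std::size_t bytes)
      : data_(static_cast<std::uint8_t*>(std::malloc(bytes))) {}
  std::uint8_t* get() const { return data_.get(); }
 private:
  std::unique_ptr<std::uint8_t[], FreeDeleter> data_;  // freed via free()
};

// Replays the report's 5,920-byte malloc() block against a release family.
bool PairingMatches(Family release_family) {
  AllocLedger ledger;
  ScratchBuffer buf(5920);
  ledger.OnAlloc(buf.get(), Family::Malloc);
  return ledger.OnRelease(buf.get(), release_family);
}
```

PairingMatches(Family::NewArray) reproduces the reported pairing and returns false; the actual memory is still released with free() by the deleter, so the example itself contains no mismatched deallocation.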

Updated (Assignee) • 12 years ago
Component: Graphics: Layers → Graphics

Comment 1 (Assignee) • 12 years ago
Assignee: nobody → joe
Attachment #668285 - Flags: review?(jmuizelaar)

Updated • 12 years ago
Attachment #668285 - Flags: review?(jmuizelaar) → review+

Updated (Reporter) • 12 years ago
Keywords: checkin-needed, valgrind

Comment 2 • 12 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/9c483486bf39
Please make sure your patches contain all the needed commit information next time you request checkin. Makes life easier :)
Flags: in-testsuite-
Keywords: checkin-needed

Comment 3 • 12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18

Comment 4 (Assignee) • 12 years ago
(In reply to Ryan VanderMeulen from comment #2)
> https://hg.mozilla.org/integration/mozilla-inbound/rev/9c483486bf39
>
> Please make sure your patches contain all the needed commit information next
> time you request checkin. Makes life easier :)
I intended to check this in myself; Julian set checkin-needed and I didn't notice! :)