Closed Bug 798568 Opened 12 years ago Closed 12 years ago

Mismatched free in mozilla::gfx::AlphaBoxBlur::~AlphaBoxBlur()

Tracking

(Not tracked)

Status:

RESOLVED DUPLICATE of bug 798061

People

(Reporter: snorp, Assigned: blassey)

Details

Attachments

(1 file)

patch 12 years ago Brad Lassey [:blassey] (use needinfo?) 465 bytes, patch		Details \| Diff \| Splinter Review

James Willcox (:snorp) (jwillcox@mozilla.com) (he/him)

Reporter

Description

•

12 years ago

Got the following in a Valgrind run: I/sh ( 2918): ==2919== Mismatched free() / delete / delete [] I/sh ( 2918): ==2919== at 0x482A644: operator delete[](void*) (vg_replace_malloc.c:515) I/sh ( 2918): ==2919== by 0x327A3D87: mozilla::gfx::AlphaBoxBlur::~AlphaBoxBlur() (Blur.cpp:408) I/sh ( 2918): ==2919== by 0x325613D5: gfxAlphaBoxBlur::~gfxAlphaBoxBlur() (gfxBlur.cpp:23) I/sh ( 2918): ==2919== by 0x31B5E757: nsCSSRendering::PaintBoxShadowInner(nsPresContext*, nsRenderingContext&, nsIFrame*, nsRect const&, nsRect const&) (nsCSSRendering.h:553) I/sh ( 2918): ==2919== by 0x31B6E345: nsDisplayBoxShadowInner::Paint(nsDisplayListBuilder*, nsRenderingContext*) (nsDisplayList.cpp:2347) I/sh ( 2918): ==2919== by 0x31B454C9: mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*) (FrameLayerBuilder.cpp:3238) I/sh ( 2918): ==2919== by 0x32597E21: mozilla::layers::BasicThebesLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicThebesLayer.cpp:139) I/sh ( 2918): ==2919== by 0x3259149B: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (BasicLayerManager.cpp:820) I/sh ( 2918): ==2919== by 0x32590A9F: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:939) I/sh ( 2918): ==2919== by 0x32591427: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (BasicLayerManager.cpp:835) I/sh ( 2918): ==2919== by 0x32590A9F: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:939) I/sh ( 2918): ==2919== by 0x325917ED: mozilla::layers::BasicLayerManager::EndTransactionInternal(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) (BasicLayerManager.cpp:585) I/sh ( 2918): ==2919== by 0x32591861: mozilla::layers::BasicLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) (BasicLayerManager.cpp:504) I/sh ( 2918): ==2919== by 0x31B7397F: nsDisplayList::PaintForFrame(nsDisplayListBuilder*, nsRenderingContext*, nsIFrame*, unsigned int) const (nsDisplayList.cpp:1099) I/sh ( 2918): ==2919== by 0x31B73D7B: nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) const (nsDisplayList.cpp:966) I/sh ( 2918): ==2919== by 0x31B845E5: nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) (nsLayoutUtils.cpp:1835) I/sh ( 2918): ==2919== by 0x31B973C1: PresShell::RenderDocument(nsRect const&, unsigned int, unsigned int, gfxContext*) (nsPresShell.cpp:4385) I/sh ( 2918): ==2919== by 0x322F4433: mozilla::AndroidBridge::TakeScreenshot(nsIDOMWindow*, int, int, int, int, int, int, int, int, int, int, int, int, _jobject*) (AndroidBridge.cpp:2499) I/sh ( 2918): ==2919== by 0x322EDE45: ScreenshotRunnable::Run() (nsAppShell.cpp:89) I/sh ( 2918): ==2919== by 0x322ED583: RunnableMethod<ScreenshotRunnable, tag_nsresult (ScreenshotRunnable::*)(), Tuple0>::Run() (tuple.h:383) I/sh ( 2918): ==2919== Address 0x5539348 is 0 bytes inside a block of size 540 alloc'd I/sh ( 2918): ==2919== at 0x482B920: malloc (vg_replace_malloc.c:270) I/sh ( 2918): ==2919== by 0x327A420F: mozilla::gfx::AlphaBoxBlur::AlphaBoxBlur(mozilla::gfx::Rect const&, mozilla::gfx::IntSize const&, mozilla::gfx::IntSize const&, mozilla::gfx::Rect const*, mozilla::gfx::Rect const*) (Blur.cpp:384) I/sh ( 2918): ==2919== by 0x32561233: gfxAlphaBoxBlur::Init(gfxRect const&, nsIntSize const&, nsIntSize const&, gfxRect const*, gfxRect const*) (gfxBlur.cpp:52) I/sh ( 2918): ==2919== by 0x31B5E0C3: nsContextBoxBlur::Init(nsRect const&, int, int, int, gfxContext*, nsRect const&, gfxRect const*, unsigned int) (nsCSSRendering.cpp:4556) I/sh ( 2918): ==2919== by 0x31B5E61B: nsCSSRendering::PaintBoxShadowInner(nsPresContext*, nsRenderingContext&, nsIFrame*, nsRect const&, nsRect const&) (nsCSSRendering.cpp:1438) I/sh ( 2918): ==2919== by 0x31B6E345: nsDisplayBoxShadowInner::Paint(nsDisplayListBuilder*, nsRenderingContext*) (nsDisplayList.cpp:2347) I/sh ( 2918): ==2919== by 0x31B454C9: mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*) (FrameLayerBuilder.cpp:3238) I/sh ( 2918): ==2919== by 0x32597E21: mozilla::layers::BasicThebesLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicThebesLayer.cpp:139) I/sh ( 2918): ==2919== by 0x3259149B: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (BasicLayerManager.cpp:820) I/sh ( 2918): ==2919== by 0x32590A9F: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:939) I/sh ( 2918): ==2919== by 0x32591427: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (BasicLayerManager.cpp:835) I/sh ( 2918): ==2919== by 0x32590A9F: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:939) I/sh ( 2918): ==2919== by 0x325917ED: mozilla::layers::BasicLayerManager::EndTransactionInternal(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) (BasicLayerManager.cpp:585) I/sh ( 2918): ==2919== by 0x32591861: mozilla::layers::BasicLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) (BasicLayerManager.cpp:504) I/sh ( 2918): ==2919== by 0x31B7397F: nsDisplayList::PaintForFrame(nsDisplayListBuilder*, nsRenderingContext*, nsIFrame*, unsigned int) const (nsDisplayList.cpp:1099) I/sh ( 2918): ==2919== by 0x31B73D7B: nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) const (nsDisplayList.cpp:966) I/sh ( 2918): ==2919== by 0x31B845E5: nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) (nsLayoutUtils.cpp:1835) I/sh ( 2918): ==2919== by 0x31B973C1: PresShell::RenderDocument(nsRect const&, unsigned int, unsigned int, gfxContext*) (nsPresShell.cpp:4385) I/sh ( 2918): ==2919== by 0x322F4433: mozilla::AndroidBridge::TakeScreenshot(nsIDOMWindow*, int, int, int, int, int, int, int, int, int, int, int, int, _jobject*) (AndroidBridge.cpp:2499) I/sh ( 2918): ==2919== by 0x322EDE45: ScreenshotRunnable::Run() (nsAppShell.cpp:89)

Brad Lassey [:blassey] (use needinfo?)

Assignee

Updated

•

12 years ago

tracking-fennec: --- → ?

Brad Lassey [:blassey] (use needinfo?)

Assignee

Comment 1

•

12 years ago

Attached patch patch — Details — Splinter Review

Assignee: nobody → blassey.bugs

Attachment #669104 - Flags: review?

Brad Lassey [:blassey] (use needinfo?)

Assignee

Comment 2

•

12 years ago

Comment on attachment 669104 [details] [diff] [review] patch ># HG changeset patch ># User Brad Lassey <blassey@mozilla.com> ># Date 1349695335 14400 ># Node ID f6aa99147f79f4c3dd3bb8f0f3c3c134d0d00ac9 ># Parent acd25563db2f88e18f5db59b36b7e8a65252c9a9 >[mq]: mismatched_alloc > >diff --git a/gfx/2d/Blur.cpp b/gfx/2d/Blur.cpp >--- a/gfx/2d/Blur.cpp >+++ b/gfx/2d/Blur.cpp >@@ -405,7 +405,7 @@ AlphaBoxBlur::AlphaBoxBlur(uint8_t* aDat > AlphaBoxBlur::~AlphaBoxBlur() > { > if (mFreeData) { >- delete mData; >+ free(mData); > } > } >

Attachment #669104 - Flags: review? → review?(joe)

Joe Drew (not getting mail)

Updated

•

12 years ago

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → DUPLICATE

Joe Drew (not getting mail)

Updated

•

12 years ago

Attachment #669104 - Flags: review?(joe)

Nobody; OK to take it and work on it

Updated

•

11 years ago

tracking-fennec: ? → ---

BMO Automation

Updated

•

4 years ago

Product: Firefox for Android → Firefox for Android Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Mismatched free in mozilla::gfx::AlphaBoxBlur::~AlphaBoxBlur()

Categories

(Firefox for Android Graveyard :: Toolbar, defect)

Tracking

(Not tracked)

People

(Reporter: snorp, Assigned: blassey)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Comment 2

Updated

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type