Closed Bug 81207 Opened 23 years ago Closed 23 years ago

[MLK] Leaking gs->transparent_pixel / trashing memory

Categories

(Core :: Graphics: ImageLib, defect, P1)

VERIFIED FIXED
mozilla0.9.2

People

(Reporter: beard, Assigned: arik)

Details

(Keywords: memory-leak)

Attachments

(1 file)

The reason for the leak is that the code that deallocates is #if 0'd out on line 
553 of mozilla/modules/libpr0n/decoders/gif/GIF2.cpp. Simply removing the #if 0 
though doesn't fix the whole problem as there is a later bogus free occurring that 
will likely crash the browser. The Boehm GC Leak Detector asserts when you pass 
it a bogus pointer to free. The real problem that blakeross was masking happens 
in gif_clear_screen(), where the gs->transparent_pixel is getting freed, and then 
written over with garbage from an uninitialized variable. Enclosing a patch which 
fixes the leak and the problem in gif_clear_screen().

This all begs the question, why is gs->transparent_pixel dynamically allocated at 
all? It only takes up 4-bytes, and so should just be a nested member of 
gif_struct.
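The failure mode described in this report, as an added illustration that is not Mozilla's code: a small allocation tracker plays the role of the leak detector that asserts on a bogus free, `run_before` models the freed-then-overwritten pointer, and `run_after` models the suggested fix of making the 4-byte value a nested member. All struct and function names here are constructed for the example.

```c
#include <stdlib.h>

/* Tracker standing in for the leak detector: it remembers the pointers it
 * handed out, so freeing anything else is flagged instead of trashing the heap. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];

static void *tracked_alloc(size_t n) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = malloc(n); return live[i]; }
    return NULL;
}

/* Returns 1 if p was a live allocation and is now released, 0 if it was bogus. */
static int tracked_free(void *p) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { free(p); live[i] = NULL; return 1; }
    return 0;
}

/* Number of allocations still outstanding; non-zero at teardown means a leak. */
static int live_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += live[i] != NULL;
    return n;
}

/* Hypothetical pre-fix layout: a heap pointer for a 4-byte value. */
struct gif_state_before { int *transparent_pixel; };

/* The defect: clear_screen frees the pixel, the field is then overwritten with
 * an uninitialised value (a constructed garbage address here), and teardown
 * frees that garbage. The tracker reports 0, i.e. a bogus free was caught. */
static int run_before(void) {
    struct gif_state_before gs;
    gs.transparent_pixel = tracked_alloc(sizeof *gs.transparent_pixel);
    tracked_free(gs.transparent_pixel);        /* gif_clear_screen() */
    gs.transparent_pixel = (int *)0x1234;       /* stand-in for stack garbage */
    return tracked_free(gs.transparent_pixel); /* teardown: 0 == bogus free */
}

/* Post-fix layout: the value is a nested member with a sentinel for "none".
 * Clearing the screen resets it; there is nothing to free and nothing to leak. */
struct gif_state_after { int transparent_pixel; };
#define NO_TRANSPARENT_PIXEL (-1)

static int run_after(void) {
    struct gif_state_after gs = { 7 };
    gs.transparent_pixel = NO_TRANSPARENT_PIXEL; /* gif_clear_screen() */
    return gs.transparent_pixel == NO_TRANSPARENT_PIXEL && live_count() == 0;
}
```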
Reassigning to ImageLib.
Assignee: mjudge → pavlov
Component: Image Conversion Library → ImageLib
Keywords: mlk
This is a memory trashing bug, in addition to a leak, because gif_clear_screen() 
writes over a good pointer with a random value. I think this bug is a show 
stopper.
Priority: -- → P1
Summary: [MLK] Leaking gs->transparent_pixel → [MLK] Leaking gs->transparent_pixel / trashing memory
over to saari... this is a dup of another bug of his, but leaving open since 
this talks about trashing
Assignee: pavlov → saari
Whiteboard: DUPME
Related to 78796?
r=saari. This transparent pixel stuff is cruft, and should be static as beard
said, along with other dynamic allocations in the decoders.
Status: NEW → ASSIGNED
Keywords: patch
Target Milestone: --- → mozilla0.9.2
Noticed this under Purify...
*** Bug 77961 has been marked as a duplicate of this bug. ***
->arik
Assignee: saari → arik
Status: ASSIGNED → NEW
Whiteboard: DUPME
I don't understand, is the patch good? Does it just need an sr=? Is there still
a bug here?
Status: NEW → ASSIGNED
sr=hyatt
done.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified fix checked into lxr.mozilla.org
Status: RESOLVED → VERIFIED