Closed
Bug 81207
Opened 23 years ago
Closed 23 years ago
[MLK] Leaking gs->transparent_pixel / trashing memory
Categories
(Core :: Graphics: ImageLib, defect, P1)
Core
Graphics: ImageLib
Tracking
()
VERIFIED
FIXED
mozilla0.9.2
People
(Reporter: beard, Assigned: arik)
References
()
Details
(Keywords: memory-leak)
Attachments
(1 file)
1022 bytes,
patch
|
Details | Diff | Splinter Review |
The reason for the leak is that the code that deallocates is #if 0'd out on line 553 of mozilla/modules/libpr0n/decoders/gif/GIF2.cpp. Simply removing the #if 0 though doesn't fix the whole problem as there is a later bogus free occuring that will likely crash the browser. The Boehm GC Leak Detectorª asserts when you pass it a bogus pointer to free. The real problem that blakeross was masking happens in gif_clear_screen(), where the gs->transparent_pixel is getting freed, and then written over with garbage from an unitialized variable. Enclosing a patch which fixes the leak and the problem in gif_clear_screen(). This all begs the question, why is gs->transparent_pixel dynamically allocated at all? It only takes up 4-bytes, and so should just be a nested member of gif_struct.
Reporter | ||
Comment 1•23 years ago
|
||
Reporter | ||
Comment 2•23 years ago
|
||
Reassigning to ImageLib.
Reporter | ||
Comment 3•23 years ago
|
||
This is a memory trashing bug, in addition to al leak, because gif_clear_screen() writes over a good pointer with a random value. I think this bug is a show stopper.
Priority: -- → P1
Reporter | ||
Updated•23 years ago
|
Summary: [MLK] Leaking gs->transparent_pixel → [MLK] Leaking gs->transparent_pixel / trashing memory
Comment 4•23 years ago
|
||
over to saari... this is a dup of another bug of his, but leaving open since this talks about thrashing
Assignee: pavlov → saari
Updated•23 years ago
|
Whiteboard: DUPME
Comment 5•23 years ago
|
||
Related to 78796?
Comment 6•23 years ago
|
||
r=saari. This transparent pixel stuff is cruft, and should be static as beard said, along with other dynamic allocations in the decoders.
Comment 7•23 years ago
|
||
Noticed this under Purify...
Assignee | ||
Comment 10•23 years ago
|
||
i don't understand, is the patch good? does it just need an sr=? is there still a bug here?
Status: NEW → ASSIGNED
Comment 11•23 years ago
|
||
sr=hyatt
Assignee | ||
Comment 12•23 years ago
|
||
done.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•