Closed Bug 935834 Opened 11 years ago Closed 11 years ago

CID 1123240: Resource leak on OOM in CodeGenerator.cpp as found by Coverity

Categories

(Core :: JavaScript Engine: JIT, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla29
Tracking Status
firefox25 --- affected
firefox26 --- affected
firefox27 --- affected
firefox28 --- affected
firefox29 --- fixed
firefox-esr17 --- unaffected
firefox-esr24 --- affected
b2g18 --- unaffected

People

(Reporter: gkw, Assigned: sunfish)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, regression)

Attachments

(1 file)

Coverity analysis of Oct 31, 2013 source code has found a "resource leak" that may cause OOM. http://hg.mozilla.org/mozilla-central/annotate/70de5e24d79b/js/src/jit/CodeGenerator.cpp#l2698 - count is not being freed here in CodeGenerator::maybeCreateScriptCounts? bhackett, is this likely caused by bug 811349?
Flags: needinfo?(bhackett1024)
(or might be a leak on OOM)
Summary: Resource leak in CodeGenerator.cpp as found by Coverity, may cause OOM → Resource leak on OOM in CodeGenerator.cpp as found by Coverity
This is CID 1123240.
Attached is a patch which fixes the leak, and which fixes an oddity in the vicinity. The "offset = script->pcToOffset(resume->pc());" restores a line of code which appears to have been accidentally made ineffective in change bc935b861f48, and accidentally buried in change 92a5a4a9b76b. The rest of the patch is fixing the leak.
Assignee: nobody → sunfish
Attachment #8344631 - Flags: review?(bhackett1024)
Flags: needinfo?(bhackett1024)
Comment on attachment 8344631 [details] [diff] [review] cg-offsets-and-leak.patch Review of attachment 8344631 [details] [diff] [review]: ----------------------------------------------------------------- Thanks!
Attachment #8344631 - Flags: review?(bhackett1024) → review+
Comment on attachment 8344631 [details] [diff] [review] cg-offsets-and-leak.patch Review of attachment 8344631 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/jit/CodeGenerator.cpp @@ +2779,5 @@ > // to associate information about the inlining with. > MResumePoint *resume = block->entryResumePoint(); > while (resume->caller()) > resume = resume->caller(); > JS_ASSERT(script->containsPC(resume->pc())); Oh, also, this assert will be captured in the pcToOffset() call and can be removed.
(In reply to Brian Hackett (:bhackett) from comment #5) > Comment on attachment 8344631 [details] [diff] [review] > cg-offsets-and-leak.patch > > Review of attachment 8344631 [details] [diff] [review]: > ----------------------------------------------------------------- > > ::: js/src/jit/CodeGenerator.cpp > @@ +2779,5 @@ > > // to associate information about the inlining with. > > MResumePoint *resume = block->entryResumePoint(); > > while (resume->caller()) > > resume = resume->caller(); > > JS_ASSERT(script->containsPC(resume->pc())); > > Oh, also, this assert will be captured in the pcToOffset() call and can be > removed. Ok, I removed it. https://hg.mozilla.org/integration/mozilla-inbound/rev/66bdd9219610
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
Summary: Resource leak on OOM in CodeGenerator.cpp as found by Coverity → CID 1123240: Resource leak on OOM in CodeGenerator.cpp as found by Coverity
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: