CID 1123240: Resource leak on OOM in CodeGenerator.cpp as found by Coverity

RESOLVED FIXED in Firefox 29

Status

()

RESOLVED FIXED
5 years ago
4 months ago

People

(Reporter: gkw, Assigned: sunfish)

Tracking

(Blocks: 1 bug, {coverity, regression})

Trunk
mozilla29
coverity, regression
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox25 affected, firefox26 affected, firefox27 affected, firefox28 affected, firefox29 fixed, firefox-esr17 unaffected, firefox-esr24 affected, b2g18 unaffected)

Details

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
Coverity analysis of Oct 31, 2013 source code has found a "resource leak" that may cause OOM.

http://hg.mozilla.org/mozilla-central/annotate/70de5e24d79b/js/src/jit/CodeGenerator.cpp#l2698 - count is not being freed here in CodeGenerator::maybeCreateScriptCounts?

bhackett, is this likely caused by bug 811349?
Flags: needinfo?(bhackett1024)
(Reporter)

Comment 1

5 years ago
(or might be a leak on OOM)
(Reporter)

Updated

5 years ago
Summary: Resource leak in CodeGenerator.cpp as found by Coverity, may cause OOM → Resource leak on OOM in CodeGenerator.cpp as found by Coverity
(Reporter)

Comment 2

5 years ago
This is CID 1123240.
(Assignee)

Comment 3

5 years ago
Created attachment 8344631 [details] [diff] [review]
cg-offsets-and-leak.patch

Attached is a patch which fixes the leak, and which fixes an oddity in the vicinity.

The "offset = script->pcToOffset(resume->pc());" restores a line of code which appears to have been accidentally made ineffective in change bc935b861f48, and accidentally buried in change 92a5a4a9b76b.

The rest of the patch is fixing the leak.
Assignee: nobody → sunfish
Attachment #8344631 - Flags: review?(bhackett1024)
Flags: needinfo?(bhackett1024)
Comment on attachment 8344631 [details] [diff] [review]
cg-offsets-and-leak.patch

Review of attachment 8344631 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks!
Attachment #8344631 - Flags: review?(bhackett1024) → review+
Comment on attachment 8344631 [details] [diff] [review]
cg-offsets-and-leak.patch

Review of attachment 8344631 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jit/CodeGenerator.cpp
@@ +2779,5 @@
>              // to associate information about the inlining with.
>              MResumePoint *resume = block->entryResumePoint();
>              while (resume->caller())
>                  resume = resume->caller();
>              JS_ASSERT(script->containsPC(resume->pc()));

Oh, also, this assert will be captured in the pcToOffset() call and can be removed.
(Assignee)

Comment 6

5 years ago
(In reply to Brian Hackett (:bhackett) from comment #5)
> Comment on attachment 8344631 [details] [diff] [review]
> cg-offsets-and-leak.patch
> 
> Review of attachment 8344631 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> ::: js/src/jit/CodeGenerator.cpp
> @@ +2779,5 @@
> >              // to associate information about the inlining with.
> >              MResumePoint *resume = block->entryResumePoint();
> >              while (resume->caller())
> >                  resume = resume->caller();
> >              JS_ASSERT(script->containsPC(resume->pc()));
> 
> Oh, also, this assert will be captured in the pcToOffset() call and can be
> removed.

Ok, I removed it.

https://hg.mozilla.org/integration/mozilla-inbound/rev/66bdd9219610
https://hg.mozilla.org/mozilla-central/rev/66bdd9219610
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
(Reporter)

Updated

5 years ago
status-firefox29: --- → fixed
Summary: Resource leak on OOM in CodeGenerator.cpp as found by Coverity → CID 1123240: Resource leak on OOM in CodeGenerator.cpp as found by Coverity
Blocks: 1230156
You need to log in before you can comment on or make changes to this bug.