Closed
Bug 935834
Opened 11 years ago
Closed 11 years ago
CID 1123240: Resource leak on OOM in CodeGenerator.cpp as found by Coverity
Categories
(Core :: JavaScript Engine: JIT, defect)
Core
JavaScript Engine: JIT
Tracking
()
RESOLVED
FIXED
mozilla29
Tracking | Status | |
---|---|---|
firefox25 | --- | affected |
firefox26 | --- | affected |
firefox27 | --- | affected |
firefox28 | --- | affected |
firefox29 | --- | fixed |
firefox-esr17 | --- | unaffected |
firefox-esr24 | --- | affected |
b2g18 | --- | unaffected |
People
(Reporter: gkw, Assigned: sunfish)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, regression)
Attachments
(1 file)
1.96 KB,
patch
|
bhackett1024
:
review+
|
Details | Diff | Splinter Review |
Coverity analysis of Oct 31, 2013 source code has found a "resource leak" that may cause OOM.
http://hg.mozilla.org/mozilla-central/annotate/70de5e24d79b/js/src/jit/CodeGenerator.cpp#l2698 - count is not being freed here in CodeGenerator::maybeCreateScriptCounts?
bhackett, is this likely caused by bug 811349?
Flags: needinfo?(bhackett1024)
Reporter | ||
Comment 1•11 years ago
|
||
(or might be a leak on OOM)
Reporter | ||
Updated•11 years ago
|
Summary: Resource leak in CodeGenerator.cpp as found by Coverity, may cause OOM → Resource leak on OOM in CodeGenerator.cpp as found by Coverity
Reporter | ||
Comment 2•11 years ago
|
||
This is CID 1123240.
Assignee | ||
Comment 3•11 years ago
|
||
Attached is a patch which fixes the leak, and which fixes an oddity in the vicinity.
The "offset = script->pcToOffset(resume->pc());" restores a line of code which appears to have been accidentally made ineffective in change bc935b861f48, and accidentally buried in change 92a5a4a9b76b.
The rest of the patch is fixing the leak.
Assignee: nobody → sunfish
Attachment #8344631 -
Flags: review?(bhackett1024)
Flags: needinfo?(bhackett1024)
Comment 4•11 years ago
|
||
Comment on attachment 8344631 [details] [diff] [review]
cg-offsets-and-leak.patch
Review of attachment 8344631 [details] [diff] [review]:
-----------------------------------------------------------------
Thanks!
Attachment #8344631 -
Flags: review?(bhackett1024) → review+
Comment 5•11 years ago
|
||
Comment on attachment 8344631 [details] [diff] [review]
cg-offsets-and-leak.patch
Review of attachment 8344631 [details] [diff] [review]:
-----------------------------------------------------------------
::: js/src/jit/CodeGenerator.cpp
@@ +2779,5 @@
> // to associate information about the inlining with.
> MResumePoint *resume = block->entryResumePoint();
> while (resume->caller())
> resume = resume->caller();
> JS_ASSERT(script->containsPC(resume->pc()));
Oh, also, this assert will be captured in the pcToOffset() call and can be removed.
Assignee | ||
Comment 6•11 years ago
|
||
(In reply to Brian Hackett (:bhackett) from comment #5)
> Comment on attachment 8344631 [details] [diff] [review]
> cg-offsets-and-leak.patch
>
> Review of attachment 8344631 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> ::: js/src/jit/CodeGenerator.cpp
> @@ +2779,5 @@
> > // to associate information about the inlining with.
> > MResumePoint *resume = block->entryResumePoint();
> > while (resume->caller())
> > resume = resume->caller();
> > JS_ASSERT(script->containsPC(resume->pc()));
>
> Oh, also, this assert will be captured in the pcToOffset() call and can be
> removed.
Ok, I removed it.
https://hg.mozilla.org/integration/mozilla-inbound/rev/66bdd9219610
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
Reporter | ||
Updated•11 years ago
|
status-firefox29:
--- → fixed
Summary: Resource leak on OOM in CodeGenerator.cpp as found by Coverity → CID 1123240: Resource leak on OOM in CodeGenerator.cpp as found by Coverity
Updated•6 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•