Closed
Bug 9848
Opened 25 years ago
Closed 24 years ago
[malloc] memory allocation problems - html/table
Categories
(Core :: Layout: Tables, defect, P3)
Tracking
()
RESOLVED
FIXED
M10
People
(Reporter: chofmann, Assigned: karnaze)
References
Details
Attachments
(1 file)
5.50 KB,
patch
|
Details | Diff | Splinter Review |
[malloc] memory allocation problems - html/table check bug 8227 for more details on what needs to be done to this code s:/mozilla/layout/html/table/src/BasicTableLayoutStrategy.cpp Deref-error: "spanInfo", line 1247 Deref-error: "spanInfo", line 1248 Deref-error: "spanInfo", line 1878 Deref-error: "spanInfo", line 1879 s:/mozilla/layout/html/table/src/nsTableFrame.cpp Deref-error: "data", line 1106 Deref-error: "data", line 1107 Deref-error: "spanData", line 1132 Deref-error: "overlap", line 1140 Deref-error: "overlap", line 1141 Deref-error: "overlap", line 1142
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M10
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → INVALID
Assignee | ||
Comment 1•25 years ago
|
||
These two files have changed significantly since the bug was opened. I can't find the relevant info.
the problem as described in bug 8227 occures at http://lxr.mozilla.org/seamonkey/source/layout/html/table/src/BasicTableLayoutStrategy.cpp#1911 but this pure debug code not included in the build. http://lxr.mozilla.org/seamonkey/source/layout/html/table/src/nsTableFrame.cpp#219 http://lxr.mozilla.org/seamonkey/source/layout/html/table/src/nsTableFrame.cpp#3371 http://lxr.mozilla.org/seamonkey/source/layout/html/table/src/nsTableFrame.cpp#3371 http://lxr.mozilla.org/seamonkey/source/layout/html/table/src/nsTableFrame.cpp#3761 look suspicious. Chris could you verify these? The lines as noted in the original bug report do not exist. I searched for every new statement in those files.
Comment 3•24 years ago
|
||
yesterday was bugzilla down, so I had time to check all malloc's in the table/src directory. I tested also the dreftool, but nothing compares to good old hand craft. I greped '= new ' and looked on all lines that came out. Below is the result. Lines with OK show that the result of new is checked afterwards, Problem indicates that the code was not clear enough for me to decide whether the code handles a new failure or not. Due to the logic expressed in 8227 I reopen the bug. OK BasicTableLayoutStrategy.cpp:254: PRInt32* allocTypes = new PRInt32[numCols]; OK BasicTableLayoutStrategy.cpp:1581: nsColInfo** colInfo = new nsColInfo*[numConstrainedCols]; OK BasicTableLayoutStrategy.cpp:1613: colInfo[constrColX] = new nsColInfo(colFrame, colX, minWidth, startWidth, maxWidth); Problem BasicTableLayoutStrategy.cpp:1911: char* indent = new char[aIndent + 1]; Problem FixedTableLayoutStrategy.cpp:81: nscoord* colWidths = new PRBool[numCols]; Problem FixedTableLayoutStrategy.cpp:84: nscoord* propInfo = new PRBool[numCols]; OK nsCellMap.cpp:110: nsCellMap* newMap = new nsCellMap(aNewGroup); OK nsCellMap.cpp:245: nsColInfo* colInfo = new nsColInfo(); Problem nsCellMap.cpp:713: CellData* origData = new CellData(&aCellFrame); Problem nsCellMap.cpp:759: cellData = new CellData(nsnull); OK nsCellMap.cpp:955: CellData* origData = new CellData(cellFrame); // the originating cell OK nsCellMap.cpp:977: data = new CellData(nsnull); OK nsCellMap.cpp:1288: void** origRows = new void*[numOrigRows]; OK nsCellMap.cpp:1382: void** origRows = new void*[numOrigRows]; OK nsCellMap.cpp:1603: CellData* newData = new CellData(nsnull); Problem nsTableBorderCollapser.cpp:177: nsBorderEdge* borderToAdd = new nsBorderEdge(); Problem nsTableBorderCollapser.cpp:260: nsBorderEdge* borderToAdd = new nsBorderEdge(); problem nsTableBorderCollapser.cpp:383: nsBorderEdge* borderToAdd = new nsBorderEdge(); Problem nsTableBorderCollapser.cpp:473: nsBorderEdge* borderToAdd = new nsBorderEdge(); Problem nsTableCellFrame.cpp:174: mBorderEdges = new nsBorderEdges; Problem nsTableCellFrame.cpp:180: nsBorderEdge *borderToAdd = new nsBorderEdge(); Problem nsTableCellFrame.cpp:182: borderToAdd = new nsBorderEdge(); Problem nsTableCellFrame.cpp:187: nsBorderEdge *borderToAdd = new nsBorderEdge(); Problem nsTableCellFrame.cpp:189: borderToAdd = new nsBorderEdge(); OK nsTableCellFrame.cpp:1222: nsTableCellFrame* it = new (aPresShell) nsTableCellFrame; Problem nsTableCellFrame.cpp:1335: nsPoint* offset = new nsPoint(0, 0); Problem nsTableColFrame.cpp:218: char* indent = new char[aIndent + 1]; OK nsTableColFrame.cpp:243: nsTableColFrame* it = new (aPresShell) nsTableColFrame; OK nsTableColGroupFrame.cpp:757: nsTableColGroupFrame* it = new (aPresShell) nsTableColGroupFrame; Problem nsTableFrame.cpp:185: mColumnWidths = new PRInt32[mColumnWidthsLength]; Problem nsTableFrame.cpp:219: mCellMap = new nsTableCellMap(aPresContext, *this); Problem nsTableFrame.cpp:234: mBorderCollapser = new nsTableBorderCollapser(*this); Problem nsTableFrame.cpp:3377: PRInt32 * newColumnWidthsArray = new PRInt32[mColumnWidthsLength]; Problem nsTableFrame.cpp:3397: mTableLayoutStrategy = new FixedTableLayoutStrategy(this); Problem nsTableFrame.cpp:3399: mTableLayoutStrategy = new BasicTableLayoutStrategy(this, eCompatibility_NavQuirks == mode); Problem nsTableFrame.cpp:3767: mColumnWidths = new PRInt32[mColumnWidthsLength]; OK nsTableFrame.cpp:4111: nsTableFrame* it = new (aPresShell) nsTableFrame; OK nsTableOuterFrame.cpp:83: nsTableCaptionFrame* it = new (aPresShell) nsTableCaptionFrame; OK nsTableOuterFrame.cpp:1627: nsTableOuterFrame* it = new (aPresShell) nsTableOuterFrame; OK nsTableRowFrame.cpp:1650: nsTableRowFrame* it = new (aPresShell) nsTableRowFrame; OK nsTableRowGroupFrame.cpp:594: rowHeights = new nscoord[numRows]; OK nsTableRowGroupFrame.cpp:1671: nsTableRowGroupFrame* it = new (aPresShell) nsTableRowGroupFrame;
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Assignee | ||
Comment 4•24 years ago
|
||
Assignee | ||
Comment 5•24 years ago
|
||
The patch fixes the cases Bernd identified except those involving collapsing borders (that code is not enabled and will eventually be removed). Thanks Bernd.
Assignee | ||
Comment 6•24 years ago
|
||
The patch is in. It would be useful to to set each of these pointers to null right after the call to new to see what happens. I don't have time for this right now.
Status: REOPENED → RESOLVED
Closed: 25 years ago → 24 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•