Bug 1396361 - Avoid crashing when some system library calls malloc_zone_free(zone, NULL). r=njn

Some system libraries call malloc_zone_free directly instead of free,
and sometimes they do that with the wrong zone. When that happens, we
circle back, trying to find the right zone, and call malloc_zone_free
with the right one, but when we can't find one, we crash, which matches
what the system free() would do. Except in one case where the pointer
we're being passed is NULL, in which case we can't trace it back to any
zone, but shouldn't crash (system free() explicitly doesn't crash in
that case).

--HG--
extra : rebase_source : 17efdcd80f1a53be7ab6b7293bfb6060a9aa4a48
This commit is contained in:
Mike Hommey 2017-09-04 07:32:42 +09:00
parent d8b57ef9d7
commit acb85e2b41


@ -153,6 +153,9 @@ other_zone_free(malloc_zone_t* original_zone, void* ptr)
// one. We can't call libSystem's free directly because we're exporting // one. We can't call libSystem's free directly because we're exporting
// free from libmozglue and we'd pick that one, so we manually find the // free from libmozglue and we'd pick that one, so we manually find the
// right zone and free with it. // right zone and free with it.
if (!ptr) {
return;
}
malloc_zone_t* zone = malloc_zone_from_ptr(ptr); malloc_zone_t* zone = malloc_zone_from_ptr(ptr);
// The system allocator crashes voluntarily by default when a pointer can't // The system allocator crashes voluntarily by default when a pointer can't
// be traced back to a zone. Do the same. // be traced back to a zone. Do the same.
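Review bot: the early return added at the top of other_zone_free (`if (!ptr) { return; }`) has no comment, while the comment block directly above it only explains why the zone is looked up manually; a reader of this function later will not know why NULL is exempt from the "crash when no zone is found" rule stated two lines below. Add a one-line comment on the check, e.g. `// free(NULL) is a no-op in the system allocator, and NULL can't be traced back to a zone, so bail before malloc_zone_from_ptr.`, so the rationale from the commit message lives next to the code rather than only in the log.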