Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1410190 - Leak in js/src/jsarray.cpp:JSObject::allocateSlowArrayElements()
Summary: Leak in js/src/jsarray.cpp:JSObject::allocateSlowArrayElements()
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: mozjs17
Version: 7.2
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Colin Walters
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: 1420851
TreeView+ depends on / blocked
 
Reported: 2017-01-04 17:33 UTC by Paulo Andrade
Modified: 2021-01-15 07:29 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-01-15 07:29:50 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Paulo Andrade 2017-01-04 17:33:13 UTC 
Possible pseudo patch, without testing (need to check
and/or validate if it would be released):

 bool
 JSObject::allocateSlowArrayElements(JSContext *cx)
 {
     JS_ASSERT(hasClass(&js::SlowArrayClass));
     JS_ASSERT(elements == emptyObjectElements);
 
-    ObjectElements *header = cx->new_<ObjectElements>(0, 0);
+    ObjectElements *header = ObjectElements(0, 0);
     if (!header)
         return false;
 
     elements = header->elements();
     return true;
 }

  This is from valgrind on polkit:

==00:18:13:25.008 9577== 16 bytes in 1 blocks are definitely lost in loss record 631 of 2,339
==00:18:13:25.008 9577==    at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:18:13:25.008 9577==    by 0x5BD76E8: UnknownInlinedFun (Utility.h:157)
==00:18:13:25.008 9577==    by 0x5BD76E8: malloc_ (jscntxt.h:922)
==00:18:13:25.008 9577==    by 0x5BD76E8: malloc_ (jscntxt.h:1416)
==00:18:13:25.008 9577==    by 0x5BD76E8: new_<js::ObjectElements, int, int> (jscntxt.h:1440)
==00:18:13:25.008 9577==    by 0x5BD76E8: allocateSlowArrayElements (jsarray.cpp:1233)
==00:18:13:25.008 9577==    by 0x5BD76E8: AddLengthProperty(JSContext*, JS::Handle<JSObject*>) (jsarray.cpp:1254)
==00:18:13:25.008 9577==    by 0x5BDF560: js_InitArrayClass(JSContext*, JSObject*) (jsarray.cpp:3551)
==00:18:13:25.008 9577==    by 0x5D67BFC: js::GlobalObject::initStandardClasses(JSContext*, JS::Handle<js::GlobalObject*>) (GlobalObject.cpp:514)
==00:18:13:25.008 9577==    by 0x5BC690B: JS_InitStandardClasses (jsapi.cpp:1783)
==00:18:13:25.008 9577==    by 0x114F8E: polkit_backend_js_authority_constructed (polkitbackendjsauthority.c:496)
==00:18:13:25.008 9577==    by 0x53E6D61: ??? (in /usr/lib64/libgobject-2.0.so.0.4600.2)
==00:18:13:25.008 9577==    by 0x53E88EC: g_object_newv (in /usr/lib64/libgobject-2.0.so.0.4600.2)
==00:18:13:25.008 9577==    by 0x53E90B3: g_object_new (in /usr/lib64/libgobject-2.0.so.0.4600.2)
==00:18:13:25.008 9577==    by 0x112D09: polkit_backend_authority_get (polkitbackendauthority.c:1376)
==00:18:13:25.008 9577==    by 0x111565: main (polkitd.c:217)

while the leak is small, it may be an issue for applications
with several js contexts.
Comment 3 RHEL Program Management 2021-01-15 07:29:50 UTC 
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.
Note You need to log in before you can comment on or make changes to this bug.