Closed Bug 127806 Opened 23 years ago Closed 23 years ago

FMM: freeing mismatched mem in nsFSURLEncoded::URLEncode

Categories

(Core :: DOM: Core & HTML, defect, P1)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Windows 2000
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.0

People

(Reporter: jrgmorrison, Assigned: john)

Details

this is bug 114356, redux. Same steps: "I get the FMM just from submitting the form on http://cowtools/page-loader/loader.pl, but that is a very vanilla form, so I assume any form would do for testing." Marking nsbeta1, as the other bug was nsbeta1+. Output of purify (total of 8 occurences from a signal submit button push). ---------------------------------------------------------------------- [E] FMM: Freeing mismatched memory in free {3 occurrences} Address 0x0944dfe8 points into a C++ new block in heap 0x02cb0000 Location of free attempt free [msvcrt.DLL] PR_Free [prmem.c:430] nsFSURLEncoded::URLEncode(nsAString const&,nsCString&) [nsFormSubmission.cpp:347] char* convertedBuf = nsLinebreakConverter::ConvertLineBreaks(inBuf, nsLinebreakConverter::eLinebreakAny, nsLinebreakConverter::eLinebreakNet); => nsMemory::Free(inBuf); char* escapedBuf = nsEscape(convertedBuf, url_XPAlphas); nsMemory::Free(convertedBuf); nsHTMLSelectElement::SubmitNamesValues(nsIFormSubmission *,nsIContent *) [nsHTMLSelectElement.cpp:2033] nsHTMLFormElement::WalkFormElements(nsIFormSubmission *,nsIContent *) [nsHTMLFormElement.cpp:840] nsHTMLFormElement::DoSubmit(nsIPresContext *,nsEvent *) [nsHTMLFormElement.cpp:652] nsHTMLFormElement::DoSubmitOrReset(nsIPresContext *,nsEvent *,int) [nsHTMLFormElement.cpp:607] nsHTMLFormElement::HandleDOMEvent(nsIPresContext *,nsEvent *,nsIDOMEvent * *,UINT,nsEventStatus *) [nsHTMLFormElement.cpp:569] PresShell::HandleEventInternal(nsEvent *,nsIView *,UINT,nsEventStatus *) [nsPresShell.cpp:6003] PresShell::HandleEventWithTarget(nsEvent *,nsIFrame *,nsIContent *,UINT,nsEventStatus *) [nsPresShell.cpp:5972] Allocation location new(UINT) [msvcrt.DLL] nsFormSubmission::UnicodeToNewBytes(WORD const*,UINT,nsIUnicodeEncoder *) [nsFormSubmission.cpp:947] return nsnull; } => res = new char[maxByteLen+1]; if (res) { PRInt32 reslen = maxByteLen; PRInt32 reslen2; nsFormSubmission::EncodeVal(nsAString const&) [nsFormSubmission.cpp:983] nsFSURLEncoded::URLEncode(nsAString const&,nsCString&) [nsFormSubmission.cpp:337] nsHTMLSelectElement::SubmitNamesValues(nsIFormSubmission *,nsIContent *) [nsHTMLSelectElement.cpp:2033] nsHTMLFormElement::WalkFormElements(nsIFormSubmission *,nsIContent *) [nsHTMLFormElement.cpp:840] nsHTMLFormElement::DoSubmit(nsIPresContext *,nsEvent *) [nsHTMLFormElement.cpp:652] nsHTMLFormElement::DoSubmitOrReset(nsIPresContext *,nsEvent *,int) [nsHTMLFormElement.cpp:607] nsHTMLFormElement::HandleDOMEvent(nsIPresContext *,nsEvent *,nsIDOMEvent * *,UINT,nsEventStatus *) [nsHTMLFormElement.cpp:569] PresShell::HandleEventInternal(nsEvent *,nsIView *,UINT,nsEventStatus *) [nsPresShell.cpp:6003]
Keywords: nsbeta1
nsbeta1+
Keywords: nsbeta1nsbeta1+
Priority: -- → P1
Target Milestone: --- → mozilla1.0
fixed with bug 117422. There are no similar bugs in the file that I can see.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Yeah, not seeing this now.
Status: RESOLVED → VERIFIED
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.