Closed Bug 2563 Opened 26 years ago Closed 26 years ago

Override of operator new calls operator new[]!

Categories

(Core :: Layout, defect, P2)

defect

Tracking

()

VERIFIED FIXED

People

(Reporter: sfraser_bugs, Assigned: buster)

Details

(Whiteboard: awaiting reporter to verify)

In several layout classes, there are overrides of operator new() to zero allocated memory, e.g.: void* CSSDeclarationImpl::operator new(size_t size) { void* result = new char[size]; nsCRT::zero(result, size); return result; } This is really bad, for a number of reasons: 1. operator new and operator new[] cannot be mixed, and must be balanced with delete and delete[], otherwise some new/delete implementations will fail. Calling new[] inside an overloaded new is thus really bad. 2. If you override operator new, you should also override operator delete, to undo any magic you did in operator new. 3. The only real reason to override operator new is to provide your own memory management for an object. Zeroing out class members is what initializers are for: foo:foo() : mBar(0), mQuux(0) { } A search in the layout code shows that the following classes have suspect overrides of new, where new calls new[] CSSDeclarationImpl nsFrame PresShell StyleContextImpl and these classes have new overrides which would be better done with initializers: HTMLContentSink
OS: All
Found roughly 131 cases of defining operator new; this _really_ needs to be examined
mcmullen notes that some compilers will actually crash when |delete| is called an object allocated with |new []|. MPW is one of these. This could be a major issue for someone trying to port the Gecko code to a different compiler/platform.
Setting all current Open/Normal to M4.
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
I hunted down and fixed this problem everywhere I could find it. That does not include the mail-news code. There is now yet-another-macro in nsCRT.h that one can use to get zero'd memory during an operator new. It implements both new and delete and use the proper new.
QA Contact: 3849
Whiteboard: awaiting reporter to verify
Status: RESOLVED → VERIFIED
Verified fixed
You need to log in before you can comment on or make changes to this bug.