Fix allocator abuses: bug 331165 r+sr=bsmedberg; bug 484309 r+sr=bsmedberg; bug 484312 r+sr=biesi
authorNeil Rashbrook <neil@parkwaycc.co.uk>
Wed, 25 Mar 2009 13:19:08 +0000
changeset 26589 6be2393999103b9b416c03df5aac2799b43d6550
parent 26588 bff47eac99affa20e9056b2bbbb28f53cf565a04
child 26590 722d92a9acdd3ec05907ace2b1b553015dd6c801
push idunknown
push userunknown
push dateunknown
bugs331165, 484309, 484312
milestone1.9.2a1pre
Fix allocator abuses: bug 331165 r+sr=bsmedberg; bug 484309 r+sr=bsmedberg; bug 484312 r+sr=biesi
netwerk/base/src/nsStandardURL.cpp
netwerk/cache/src/nsDiskCacheMap.cpp
xpcom/base/nsErrorService.cpp
xpcom/components/nsCategoryManager.cpp
xpcom/components/nsComponentManager.cpp
xpcom/glue/nsID.cpp
--- a/netwerk/base/src/nsStandardURL.cpp
+++ b/netwerk/base/src/nsStandardURL.cpp
@@ -780,17 +780,17 @@ char *
 nsStandardURL::AppendToSubstring(PRUint32 pos,
                                  PRInt32 len,
                                  const char *tail,
                                  PRInt32 tailLen)
 {
     if (tailLen < 0)
         tailLen = strlen(tail);
 
-    char *result = (char *) malloc(len + tailLen + 1);
+    char *result = (char *) NS_Alloc(len + tailLen + 1);
     if (result) {
         memcpy(result, mSpec.get() + pos, len);
         memcpy(result + len, tail, tailLen);
         result[len + tailLen] = '\0';
     }
     return result;
 }
 
@@ -1664,19 +1664,17 @@ nsStandardURL::Resolve(const nsACString 
     nsCAutoString buf;
     PRInt32 relpathLen;
     if (net_FilterURIString(relpath, buf)) {
         relpath = buf.get();
         relpathLen = buf.Length();
     } else
         relpathLen = flat.Length();
     
-    // XXX hack hack hack
-    char *p = nsnull;
-    char **result = &p;
+    char *result = nsnull;
 
     LOG(("nsStandardURL::Resolve [this=%p spec=%s relpath=%s]\n",
         this, mSpec.get(), relpath));
 
     NS_ASSERTION(mParser, "no parser: unitialized");
 
     // NOTE: there is no need for this function to produce normalized
     // output.  normalization will occur when the result is used to 
@@ -1720,40 +1718,40 @@ nsStandardURL::Resolve(const nsACString 
         // but try to find out more
         if (SegmentIs(mScheme, relpath, scheme, PR_TRUE)) {
             // mScheme and Scheme are the same 
             // but this can still be relative
             if (nsCRT::strncmp(relpath + scheme.mPos + scheme.mLen,
                                "://",3) == 0) {
                 // now this is really absolute
                 // because a :// follows the scheme 
-                *result = nsCRT::strdup(relpath);
+                result = NS_strdup(relpath);
             } else {         
                 // This is a deprecated form of relative urls like
                 // http:file or http:/path/file
                 // we will support it for now ...
                 relative = PR_TRUE;
                 offset = scheme.mLen + 1;
             }
         } else {
             // the schemes are not the same, we are also done
             // because we have to assume this is absolute 
-            *result = nsCRT::strdup(relpath);
+            result = NS_strdup(relpath);
         }  
     } else {
         // add some flags to coalesceFlag if it is an ftp-url
         // need this later on when coalescing the resulting URL
         if (SegmentIs(mScheme,"ftp")) {
             coalesceFlag = (netCoalesceFlags) (coalesceFlag 
                                         | NET_COALESCE_ALLOW_RELATIVE_ROOT
                                         | NET_COALESCE_DOUBLE_SLASH_IS_ROOT);
         }
         if (relpath[0] == '/' && relpath[1] == '/') {
             // this URL //host/path is almost absolute
-            *result = AppendToSubstring(mScheme.mPos, mScheme.mLen + 1, relpath);
+            result = AppendToSubstring(mScheme.mPos, mScheme.mLen + 1, relpath);
         } else {
             // then it must be relative 
             relative = PR_TRUE;
         }
     }
     if (relative) {
         PRUint32 len = 0;
         const char *realrelpath = relpath + offset;
@@ -1791,37 +1789,35 @@ nsStandardURL::Resolve(const nsACString 
                     // overwrite everything after the directory 
                     len = mDirectory.mPos + mDirectory.mLen;
                 }
             } else { 
                 // overwrite everything after the directory 
                 len = mDirectory.mPos + mDirectory.mLen;
             }
         }
-        *result = AppendToSubstring(0, len, realrelpath);
+        result = AppendToSubstring(0, len, realrelpath);
         // locate result path
-        resultPath = *result + mPath.mPos;
+        resultPath = result + mPath.mPos;
     }
-    if (!*result)
+    if (!result)
         return NS_ERROR_OUT_OF_MEMORY;
 
     if (resultPath)
         net_CoalesceDirs(coalesceFlag, resultPath);
     else {
         // locate result path
-        resultPath = PL_strstr(*result, "://");
+        resultPath = PL_strstr(result, "://");
         if (resultPath) {
             resultPath = PL_strchr(resultPath + 3, '/');
             if (resultPath)
                 net_CoalesceDirs(coalesceFlag,resultPath);
         }
     }
-    // XXX avoid extra copy
-    out = *result;
-    free(*result);
+    out.Adopt(result);
     return NS_OK;
 }
 
 // result may contain unescaped UTF-8 characters
 NS_IMETHODIMP
 nsStandardURL::GetCommonBaseSpec(nsIURI *uri2, nsACString &aResult)
 {
     NS_ENSURE_ARG_POINTER(uri2);
--- a/netwerk/cache/src/nsDiskCacheMap.cpp
+++ b/netwerk/cache/src/nsDiskCacheMap.cpp
@@ -1029,17 +1029,17 @@ nsDiskCacheMap::CalculateFileIndex(PRUin
     if (size <= 16384)  return 3;
     return 0;  
 }
 
 nsresult
 nsDiskCacheMap::EnsureBuffer(PRUint32 bufSize)
 {
     if (mBufferSize < bufSize) {
-        char * buf = (char *)realloc(mBuffer, bufSize);
+        char * buf = (char *)PR_REALLOC(mBuffer, bufSize);
         if (!buf) {
             mBufferSize = 0;
             return NS_ERROR_OUT_OF_MEMORY;
         }
         mBuffer = buf;
         mBufferSize = bufSize;
     }
     return NS_OK;
--- a/xpcom/base/nsErrorService.cpp
+++ b/xpcom/base/nsErrorService.cpp
@@ -36,52 +36,52 @@
  * ***** END LICENSE BLOCK ***** */
 
 #include "nsErrorService.h"
 #include "nsCRT.h"
 
 static void*
 CloneCString(nsHashKey *aKey, void *aData, void* closure)
 {
-  return nsCRT::strdup((const char*)aData);
+  return NS_strdup((const char*)aData);
 }
 
 static PRBool
 DeleteCString(nsHashKey *aKey, void *aData, void* closure)
 {
-  nsCRT::free((char*)aData);
+  NS_Free(aData);
   return PR_TRUE;
 }
 
 nsInt2StrHashtable::nsInt2StrHashtable()
     : mHashtable(CloneCString, nsnull, DeleteCString, nsnull, 16)
 {
 }
 
 nsresult
 nsInt2StrHashtable::Put(PRUint32 key, const char* aData)
 {
-  char* value = nsCRT::strdup(aData);
+  char* value = NS_strdup(aData);
   if (value == nsnull)
     return NS_ERROR_OUT_OF_MEMORY;
   nsPRUint32Key k(key);
   char* oldValue = (char*)mHashtable.Put(&k, value);
   if (oldValue)
     nsCRT::free(oldValue);
   return NS_OK;
 }
 
 char* 
 nsInt2StrHashtable::Get(PRUint32 key)
 {
   nsPRUint32Key k(key);
   const char* value = (const char*)mHashtable.Get(&k);
   if (value == nsnull)
     return nsnull;
-  return nsCRT::strdup(value);
+  return NS_strdup(value);
 }
 
 nsresult
 nsInt2StrHashtable::Remove(PRUint32 key)
 {
   nsPRUint32Key k(key);
   char* oldValue = (char*)mHashtable.Remove(&k);
   if (oldValue)
--- a/xpcom/components/nsCategoryManager.cpp
+++ b/xpcom/components/nsCategoryManager.cpp
@@ -271,17 +271,17 @@ CategoryNode::GetLeaf(const char* aEntry
 {
   PR_Lock(mLock);
   nsresult rv = NS_ERROR_NOT_AVAILABLE;
   CategoryLeaf* ent =
     mTable.GetEntry(aEntryName);
 
   // we only want the non-persistent value
   if (ent && ent->nonpValue) {
-    *_retval = nsCRT::strdup(ent->nonpValue);
+    *_retval = NS_strdup(ent->nonpValue);
     if (*_retval)
       rv = NS_OK;
   }
   PR_Unlock(mLock);
 
   return rv;
 }
 
--- a/xpcom/components/nsComponentManager.cpp
+++ b/xpcom/components/nsComponentManager.cpp
@@ -1159,19 +1159,19 @@ ClassIDWriter(PLDHashTable *table,
                "%s,%s,%s,%s,%s\n",
                cidString,
                (contractID ? contractID : ""),
                (loaderName ? loaderName : ""),
                (className  ? className  : ""),
                (location   ? location   : ""));
 
     if (contractID)
-        PR_Free(contractID);
+        NS_Free(contractID);
     if (className)
-        PR_Free(className);
+        NS_Free(className);
 
     return PL_DHASH_NEXT;
 }
 
 static PLDHashOperator
 AutoRegEntryWriter(nsIHashable *aKey, PRInt64 &aTimestamp, void* aClosure)
 {
     PRFileDesc* fd = (PRFileDesc*) aClosure;
--- a/xpcom/glue/nsID.cpp
+++ b/xpcom/glue/nsID.cpp
@@ -31,18 +31,17 @@
  * use your version of this file under the terms of the MPL, indicate your
  * decision by deleting the provisions above and replace them with the notice
  * and other provisions required by the GPL or the LGPL. If you do not delete
  * the provisions above, a recipient may use your version of this file under
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
 #include "nsID.h"
-#include "prprf.h"
-#include "prmem.h"
+#include "nsMemory.h"
 
 static const char gIDFormat[] = 
   "{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}";
 
 static const char gIDFormat2[] = 
   "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x";
 
 
@@ -117,23 +116,23 @@ PRBool nsID::Parse(const char *aIDStr)
   
   return expectFormat1 ? *aIDStr == '}' : PR_TRUE;
 }
 
 #ifndef XPCOM_GLUE_AVOID_NSPR
 
 /*
  * Returns an allocated string in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
- * format. The string is allocated with PR_Malloc and should be freed by
+ * format. The string is allocated with NS_Alloc and should be freed by
  * the caller.
  */
 
 char *nsID::ToString() const 
 {
-  char *res = (char*)PR_Malloc(NSID_LENGTH); // use PR_Malloc if this is to be freed with nsCRT::free
+  char *res = (char*)NS_Alloc(NSID_LENGTH);
 
   if (res != NULL) {
     PR_snprintf(res, NSID_LENGTH, gIDFormat,
                 m0, (PRUint32) m1, (PRUint32) m2,
                 (PRUint32) m3[0], (PRUint32) m3[1], (PRUint32) m3[2],
                 (PRUint32) m3[3], (PRUint32) m3[4], (PRUint32) m3[5],
                 (PRUint32) m3[6], (PRUint32) m3[7]);
   }