Memory leak in EvalInstructionSelection.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
qtdeclarative-opensource-src (Ubuntu) | New | Undecided | Unassigned |
Bug Description
QV4::EvalInstru
```cpp
if ((unit->data == nullptr) && (do_save || generateUnitData))
    unit->data = jsGenerator-
```
Above this line, I see that do_save is always true. So, unit->data is always generated, regardless of the value of generateUnitData.
However, by tracing to callers of this function, it's revealed that callers expect unit->data to be NULL if generateUnitData is false. And by this assumption, they overwrite this variable. As it's allocated by malloc, this chunk of memory gets lost. For example, this is a trace from running unity8-dash under Valgrind:
```text
==4360== 601,072 bytes in 96 blocks are definitely lost in loss record 1,495 of 1,495
==4360== at 0x483E358: malloc (vg_replace_
==4360== by 0x4C3120B: QV4::Compiler:
==4360== by 0x4C3CB8F: QV4::EvalInstru
==4360== by 0x4C6BE0F: QQmlTypeCompile
==4360== by 0x4D4AD7D: QQmlTypeData:
```
.... (the rest is omitted as it is not relevant.)
QQmlTypeCompile
```cpp
// Compile JS binding expressions and signal handlers
if (!document-
    (line 203-222 omitted)
}
// Generate QML compiled type data structures
QmlIR:
QV4:
Q_ASSERT(
// The js unit owns the data and will free the qml unit.
document-
```
You'll see that isel->compile() is called with generateUnitData set to false. Then, document-
I think the solution is to free this memory at the end of EvalInstruction
All code comes from qtdeclarative-
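The leak pattern described in this report, reduced to a self-contained model (added example, not code from qtdeclarative or the reporter): the callee allocates `unit->data` whenever `do_save` is true, ignoring `generateUnitData`; the caller, trusting that the pointer is null when it passed `false`, overwrites it and frees only its own buffer. `Unit`, `compileBuggy`, `compileFixed`, `runCaller` and the tracked-allocation counter are hypothetical names chosen for the illustration; `compileFixed` applies the reporter's suggestion of releasing the unrequested data before the function returns.

```cpp
#include <cstddef>
#include <cstdlib>
#include <unordered_set>

// Constructed allocation tracker so the leak is observable without Valgrind:
// every tracked malloc is recorded and removed again on free.
static std::unordered_set<void*> g_live;

static void* trackedMalloc(std::size_t n) {
    void* p = std::malloc(n);
    g_live.insert(p);
    return p;
}

static void trackedFree(void* p) {
    if (p != nullptr) {
        g_live.erase(p);
        std::free(p);
    }
}

std::size_t liveAllocations() { return g_live.size(); }

// Hypothetical stand-in for the compiled unit; only the data pointer matters.
struct Unit { void* data = nullptr; };

// Buggy callee, mirroring the reported condition: do_save is always true here,
// so the allocation happens even when generateUnitData is false.
void compileBuggy(Unit* unit, bool generateUnitData) {
    const bool do_save = true;
    if ((unit->data == nullptr) && (do_save || generateUnitData))
        unit->data = trackedMalloc(64);
}

// Fixed callee: same allocation (it is still needed for saving), but the
// unrequested data is released before returning, so the caller's assumption
// "data is null when generateUnitData == false" holds.
void compileFixed(Unit* unit, bool generateUnitData) {
    const bool do_save = true;
    if ((unit->data == nullptr) && (do_save || generateUnitData))
        unit->data = trackedMalloc(64);
    if (!generateUnitData) {
        trackedFree(unit->data);
        unit->data = nullptr;
    }
}

// Caller modelled on the type compiler in the report: it passes false,
// assumes the pointer is null, installs its own buffer over it and later
// frees only that buffer. Returns the number of allocations left behind.
std::size_t runCaller(void (*compile)(Unit*, bool)) {
    const std::size_t before = liveAllocations();
    Unit unit;
    compile(&unit, /*generateUnitData=*/false);
    unit.data = trackedMalloc(128);   // overwrites whatever compile() left
    trackedFree(unit.data);           // caller frees only what it allocated
    unit.data = nullptr;
    return liveAllocations() - before; // 1 for the buggy callee, 0 when fixed
}

int main() {
    return (runCaller(compileBuggy) == 1 && runCaller(compileFixed) == 0) ? 0 : 1;
}
```

The buggy variant leaks exactly one block per call, which is the shape of the Valgrind record above (one lost block per compiled type); the fixed variant leaves nothing outstanding.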