Description
mono_type_full_name() returns an allocated string, but several call sites in src/mono/mono/metadata/marshal-shared.c pass it directly into g_strdup_printf or g_error without freeing the intermediate allocation:
- Line 778:
g_strdup_printf("Type %s ...", mono_type_full_name(...))
- Line 816:
g_error("Type %s ...", mono_type_full_name(...))
- Line 866:
g_strdup_printf("Generic type %s ...", mono_type_full_name(...))
- Lines 912-913:
g_strdup_printf("Type %s with field type %s ...", mono_type_full_name(...), mono_type_full_name(...))
Each leaks the string returned by mono_type_full_name(). While these are error paths, they can fire repeatedly during AOT compilation (e.g., when processing assemblies with many invalid marshal configurations), causing cumulative memory growth.
Fix
Store the result in a temporary, use it in the format string, then g_free it:
char *type_name = mono_type_full_name(m_class_get_byval_arg(klass));
char *msg = g_strdup_printf("Type %s ...", type_name);
g_free(type_name);
mono_marshal_shared_mb_emit_exception_marshal_directive(mb, msg);This pattern should be applied to all call sites in the file.
Description
mono_type_full_name()returns an allocated string, but several call sites insrc/mono/mono/metadata/marshal-shared.cpass it directly intog_strdup_printforg_errorwithout freeing the intermediate allocation:g_strdup_printf("Type %s ...", mono_type_full_name(...))g_error("Type %s ...", mono_type_full_name(...))g_strdup_printf("Generic type %s ...", mono_type_full_name(...))g_strdup_printf("Type %s with field type %s ...", mono_type_full_name(...), mono_type_full_name(...))Each leaks the string returned by
mono_type_full_name(). While these are error paths, they can fire repeatedly during AOT compilation (e.g., when processing assemblies with many invalid marshal configurations), causing cumulative memory growth.Fix
Store the result in a temporary, use it in the format string, then
g_freeit:This pattern should be applied to all call sites in the file.