Fix leak of message snapshot buffer when attempting to send an illegal object.

runtime/lib/isolate.cc

 // Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 #include "include/dart_native_api.h"
 #include "platform/assert.h"
 #include "vm/bootstrap_natives.h"
 #include "vm/class_finalizer.h"
 #include "vm/dart.h"
 #include "vm/dart_api_impl.h"
@@ skipping 12 matching lines @@
 #include "vm/symbols.h"
 #include "vm/unicode.h"
 
 namespace dart {
 
 DEFINE_FLAG(bool,
             i_like_slow_isolate_spawn,
             false,
             "Block the parent thread when loading spawned isolates.");
 
-static uint8_t* allocator(uint8_t* ptr, intptr_t old_size, intptr_t new_size) {
+static uint8_t* malloc_allocator(uint8_t* ptr,
+                                 intptr_t old_size,
+                                 intptr_t new_size) {
   void* new_ptr = realloc(reinterpret_cast<void*>(ptr), new_size);
   return reinterpret_cast<uint8_t*>(new_ptr);
 }
 
+static void malloc_deallocator(uint8_t* ptr) {
+  free(reinterpret_cast<void*>(ptr));
+}
+
 
 DEFINE_NATIVE_ENTRY(CapabilityImpl_factory, 1) {
   ASSERT(TypeArguments::CheckedHandle(arguments->NativeArgAt(0)).IsNull());
   uint64_t id = isolate->random()->NextUInt64();
   return Capability::New(id);
 }
 
 
 DEFINE_NATIVE_ENTRY(CapabilityImpl_equals, 2) {
   GET_NON_NULL_NATIVE_ARGUMENT(Capability, recv, arguments->NativeArgAt(0));
@@ skipping 61 matching lines @@
   GET_NON_NULL_NATIVE_ARGUMENT(Instance, obj, arguments->NativeArgAt(1));
 
   const Dart_Port destination_port_id = port.Id();
   const bool can_send_any_object = isolate->origin_id() == port.origin_id();
 
   if (ApiObjectConverter::CanConvert(obj.raw())) {
     PortMap::PostMessage(
         new Message(destination_port_id, obj.raw(), Message::kNormalPriority));
   } else {
     uint8_t* data = NULL;
-    MessageWriter writer(&data, &allocator, can_send_any_object);
+    MessageWriter writer(&data, &malloc_allocator, &malloc_deallocator,
+                         can_send_any_object);
     writer.WriteMessage(obj);
 
     // TODO(turnidge): Throw an exception when the return value is false?
     PortMap::PostMessage(new Message(destination_port_id, data,
                                      writer.BytesWritten(),
                                      Message::kNormalPriority));
   }
   return Object::null();
 }
 
@@ skipping 287 matching lines @@
 
 
 DEFINE_NATIVE_ENTRY(Isolate_sendOOB, 2) {
   GET_NON_NULL_NATIVE_ARGUMENT(SendPort, port, arguments->NativeArgAt(0));
   GET_NON_NULL_NATIVE_ARGUMENT(Array, msg, arguments->NativeArgAt(1));
 
   // Make sure to route this request to the isolate library OOB mesage handler.
   msg.SetAt(0, Smi::Handle(Smi::New(Message::kIsolateLibOOBMsg)));
 
   uint8_t* data = NULL;
-  MessageWriter writer(&data, &allocator, false);
+  MessageWriter writer(&data, &malloc_allocator, &malloc_deallocator, false);
   writer.WriteMessage(msg);
 
   PortMap::PostMessage(new Message(port.Id(), data, writer.BytesWritten(),
                                    Message::kOOBPriority));
   return Object::null();
 }
 
 }  // namespace dart