Closed Bug 305448 Opened 19 years ago Closed 19 years ago

Leaving document while script loaded via document.write is loading leaks the world

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: bzbarsky, Assigned: mrbkap)

References

(
URL
)

Details

(Keywords: fixed1.8, memory-leak)

Attachments

(2 files)

possible fix
1.91 KB, patch
bzbarsky
: review+
jst
: superreview+
asa
: approval1.8b4+
Details | Diff | Splinter Review
Minimal testcase
218 bytes, text/html
Details 
Steps to reproduce:

1)  Load www.cbsnews.com
2)  While it's loading, go to a different page.  Chances are, you leak the world.

The problem is that nsParser::Terminate doesn't work when we're waiting on a
document.written <script> tag to finish loading because
mParserContext->mPrevContext is not null. So we never call
HTMLContentSink::DidBuildModel, and never break the document/sink/parser
refcount  cycles.
I think we should get this fixed for 1.8b4; it's a pretty big leak and very easy
to hit.
Flags: blocking1.8b4?
I'll have a patch for this soon.
Status: NEW → ASSIGNED
Attached patch possible fixSplinter Review 
This cleans up the parser contexts so that nsParser::DidBuildModel actually
believes that we're done parsing the document.
Attached file Minimal testcase 

    
  

        Attachment #193462 -
        Flags: review+

    
  

        Attachment #193462 -
        Flags: superreview?(jst)

    
    

    
  
Comment on attachment 193462 [details] [diff] [review]
possible fix

sr=jst

        Attachment #193462 -
        Flags: superreview?(jst) → superreview+

    
    

    
  
Comment on attachment 193462 [details] [diff] [review]
possible fix

This patch is very safe (only changes our behavior when we're in this weird
case) and fixes a rather large leak (parser + document + scanner + etc.).

        Attachment #193462 -
        Flags: approval1.8b4?

    
    

    
  
Fix checked into trunk.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED

    
  
Flags: blocking1.8b4? → blocking1.8b4+

    
  

        Attachment #193462 -
        Flags: approval1.8b4? → approval1.8b4+

    
    

    
  
And checked in on MOZILLA_1_8_BRANCH.
Keywords: fixed1.8

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: