Closed
Bug 1014296
Opened 11 years ago
Closed 11 years ago
specialpowersAPI.js entrains potential garbage
Categories
(Testing :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla32
People
(Reporter: mrbkap, Assigned: mrbkap)
References
Details
(Whiteboard: [MemShrink])
Attachments
(1 file, 1 obsolete file)
|
3.59 KB,
patch
|
billm
:
review+
|
Details | Diff | Splinter Review |
Due two two missing variable declarations, the special powers object risks entraining potential garbage on the message manager global object.
It took khuey and me 3 hours to track this down (running a specific set of mochitests with a patch that changed the tests to use SpecialPowers wrappers).
|
Assignee | |
Comment 1•11 years ago
|
||
And for posterity, here's the bit of log that pointed the problem out to us:
via XPCWrappedNative::mFlatJSObject :
0x7f72808e6f60 [ContentFrameMessageManager 7f7279544520]
--[args]--> 0x7f72725964c0 [Array <no private>]
--[objectElements[0]]--> 0x7f7272825980 [Proxy <no private>]
--[private]--> 0x7f727259b780 [Object <no private>]
--[wrappedObject]--> 0x7f72728282b0 [XPCWrappedNative_NoHelper 7f727dc202c0]
where that wrapped native was expected to have died already.
|
|
Assignee | |
Comment 2•11 years ago
|
||
I had to add an additional couple of var declarations that don't have an effect due to my "use strict", but I think it's worth it.
Attachment #8426662 -
Flags: review?(bobbyholley)
|
||
Comment 3•11 years ago
|
||
Comment on attachment 8426662 [details] [diff] [review]
Fix
Review of attachment 8426662 [details] [diff] [review]:
-----------------------------------------------------------------
To make sure I understand correctly - it's only ever 1 piece of garbage at a time, since we overwrite the old value each time, right?
Attachment #8426662 -
Flags: review?(bobbyholley) → review+
|
|
Assignee | |
Comment 4•11 years ago
|
||
Yeah. I probably wouldn't have noticed this if I'd run the whole suite of tests (e.g. on tinderbox), but only testing my patches that ended up passing a non-CC'd object through a specialpowers object wrapper leaked that content window.
Whiteboard: [MemShrink]
|
||
Comment 5•11 years ago
|
||
Do we have a bug on using "use strict;" everywhere?
|
|
Assignee | |
Comment 6•11 years ago
|
||
Fortunately, I sent this patch to try – it fails spectacularly due to another strict mode violation: SpecialPowers.prototype.isDebugBuild tries to 'delete' itself as a 'get once getter'; however, it tries to delete itself off of 'this', which is not the prototype. I'm about to attach a new patch.
|
|
Assignee | |
Comment 7•11 years ago
|
||
Attachment #8426662 -
Attachment is obsolete: true
Attachment #8427325 -
Flags: review?(bobbyholley)
Attachment #8427325 -
Flags: review?(bobbyholley) → review+
|
|
Assignee | |
Comment 8•11 years ago
|
||
|
|
Assignee | |
Comment 9•11 years ago
|
||
(In reply to Nicholas Nethercote [:njn] from comment #5)
> Do we have a bug on using "use strict;" everywhere?
I think we've converted most, if not all of the code. I don't know if we have protections in place to prevent people from adding non-strict-mode JSMs, though.
|
|
||
Comment 10•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
You need to log in
before you can comment on or make changes to this bug.
Description
•