Closed Bug 1045178 Opened 10 years ago Closed 10 years ago

NPObject leak in PluginScriptableObjectChild::ResurrectProxyObject

Categories: Core Graveyard :: Plug-ins (Type: defect, Priority: Not set, Severity: normal)

Tracking: Not tracked

Status: RESOLVED FIXED, mozilla34

People: Reporter: bugzilla, Assigned: bugzilla

Attachments: 1 file, 1 obsolete file

We create a new NPObject in PluginScriptableObjectChild::ResurrectProxyObject() but don't do anything with it. Then we call InitializeProxy() which creates a second NPObject that is actually registered as the NPObject of record to be used with the actor.

Since the same actor is associated with both NPObjects, this can cause double frees of the actor when the NPObjects are destroyed.
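
The ownership problem described in this report, as an added C++ model that is not Mozilla's code or the attached patch. `Actor`, `Proxy`, `Registry` and the function names are hypothetical, teardowns are counted rather than memory being freed twice, and `ResurrectSingle` is an assumed correction, since the patch body is not shown on this page.

```cpp
// Simplified model, not Mozilla code; all names here are hypothetical.
#include <cstdio>
#include <map>

struct Actor { int teardowns = 0; };  // counts teardowns instead of freeing
struct Proxy { Actor* actor; };       // stands in for the proxy NPObject
struct Registry {                     // stands in for the object-to-actor map
    std::map<Proxy*, Actor*> record;
    int live = 0;                     // proxies allocated and not yet freed
    Proxy* Create(Actor* a) { ++live; return new Proxy{a}; }
    void Destroy(Proxy* p) {          // destroying a proxy tears down its actor
        p->actor->teardowns++;
        record.erase(p);
        --live;
        delete p;
    }
};

// Pattern from the report: one proxy is created and never used, then a
// second one is created and registered for the same actor.
Proxy* ResurrectBuggy(Registry& r, Actor* a, Proxy** orphan) {
    *orphan = r.Create(a);
    Proxy* rec = r.Create(a);
    r.record[rec] = a;
    return rec;
}
// Assumed correction: exactly one proxy per actor, and it is the registered one.
Proxy* ResurrectSingle(Registry& r, Actor* a) {
    Proxy* rec = r.Create(a);
    r.record[rec] = a;
    return rec;
}

struct Outcome { int leaked; int teardowns; };
Outcome RunBuggy() {
    Registry r; Actor a; Proxy* orphan = nullptr;
    r.Destroy(ResurrectBuggy(r, &a, &orphan));
    int leaked = r.live;              // the orphan is still allocated
    r.Destroy(orphan);                // a later free reaches the same actor again
    return {leaked, a.teardowns};
}
Outcome RunSingle() {
    Registry r; Actor a;
    r.Destroy(ResurrectSingle(r, &a));
    return {r.live, a.teardowns};
}
int main() {
    Outcome b = RunBuggy(), s = RunSingle();
    std::printf("buggy %d/%d, single %d/%d\n", b.leaked, b.teardowns, s.leaked, s.teardowns);
}
```
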

Attached patch: Fix NPObject leak (obsolete)
Attachment #8463628 - Flags: review?(jschoenick)

Comment on attachment 8463628
Fix NPObject leak

Review of attachment 8463628:
-----------------------------------------------------------------

LGTM

::: dom/plugins/ipc/PluginScriptableObjectChild.cpp
@@ +454,3 @@
>  
>    if (!PluginModuleChild::current()->RegisterActorForNPObject(object, this)) {
>      NS_ERROR("Out of memory?");
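
Review bot: the NS_ERROR("Out of memory?") in the RegisterActorForNPObject failure branch guesses at a cause instead of naming what failed; word it after the failed operation, for example that registering the actor for the NPObject failed. The quoted context stops at the NS_ERROR line, so it is worth confirming that this branch also releases `object` before returning, given that the bug is about an NPObject left behind while still tied to the actor.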

This message doesn't make any sense...
Attachment #8463628 - Flags: review?(jschoenick) → review+

Fixed error message from review comment. Carrying forward r+.

Attachment #8463628 - Attachment is obsolete: true
Attachment #8463663 - Flags: review+

https://hg.mozilla.org/mozilla-central/rev/6b73e003d67a

Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34

Product: Core → Core Graveyard