Closed
Bug 1045178
Opened 11 years ago
Closed 11 years ago
NPObject leak in PluginScriptableObjectChild::ResurrectProxyObject
Categories
(Core Graveyard :: Plug-ins, defect)
Core Graveyard
Plug-ins
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla34
People
(Reporter: bugzilla, Assigned: bugzilla)
References
Details
Attachments
(1 file, 1 obsolete file)
|
3.41 KB,
patch
|
bugzilla
:
review+
|
Details | Diff | Splinter Review |
We create a new NPObject in PluginScriptableObjectChild::ResurrectProxyObject() but don't do anything with it. Then we call InitializeProxy() which creates a second NPObject that is actually registered as the NPObject of record to be used with the actor.
Since the same actor is associated with both NPObjects, this can cause double frees of the actor when the NPObjects are destroyed.
|
Assignee | |
Comment 1•11 years ago
|
||
Attachment #8463628 -
Flags: review?(jschoenick)
|
||
Comment 2•11 years ago
|
||
Comment on attachment 8463628 [details] [diff] [review]
Fix NPObject leak
Review of attachment 8463628 [details] [diff] [review]:
-----------------------------------------------------------------
LGTM
::: dom/plugins/ipc/PluginScriptableObjectChild.cpp
@@ +454,3 @@
>
> if (!PluginModuleChild::current()->RegisterActorForNPObject(object, this)) {
> NS_ERROR("Out of memory?");
This message doesn't make any sense...
Attachment #8463628 -
Flags: review?(jschoenick) → review+
|
|
Assignee | |
Comment 3•11 years ago
|
||
Fixed error message from review comment. Carrying forward r+.
Attachment #8463628 -
Attachment is obsolete: true
Attachment #8463663 -
Flags: review+
|
|
Assignee | |
Comment 4•11 years ago
|
||
Keywords: checkin-needed
|
||
Comment 5•11 years ago
|
||
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
|
||
Updated•3 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•