Closed Bug 1128358 Opened 11 years ago Closed 11 years ago

nsCSSFrameConstructor::AddFCItemsForAnonymousContent leaks ContentInfo::mStyleContext

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Platform:
x86_64
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: heycam, Unassigned)

Details

Attachments

(1 file)

patch
1.19 KB, patch
Details | Diff | Splinter Review
Attached patch patchSplinter Review
nsCSSFrameConstructor::AddFCItemsForAnonymousContent calls forget on nsIAnonymousContentCreator::ContentInfo::mStyleContext and assigning that directly to an nsRefPtr. This leaks the style context.
Attachment #8557679 - Flags: review?(roc)
Comment on attachment 8557679 [details] [diff] [review] patch Review of attachment 8557679 [details] [diff] [review]: ----------------------------------------------------------------- ::: layout/base/nsCSSFrameConstructor.cpp @@ +10259,5 @@ > nsRefPtr<nsStyleContext> styleContext; > TreeMatchContext::AutoParentDisplayBasedStyleFixupSkipper > parentDisplayBasedStyleFixupSkipper(aState.mTreeMatchContext); > if (aAnonymousItems[i].mStyleContext) { > + styleContext = Move(aAnonymousItems[i].mStyleContext); I feel stupid but I don't understand the problem here. forget() clears mStyleContext and returns an already_AddRefed<nsStyleContext>. We store that in styleContxt. So no refcounts are changed and the ref is moved. What's wrong with the current code?
Attachment #8557679 - Flags: review?(roc)
Ah, my mistake. I looked up forget() on nsAutoPtr, not nsRefPtr, and saw that it returned a raw pointer.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: