Closed Bug 1128358 Opened 9 years ago Closed 9 years ago

nsCSSFrameConstructor::AddFCItemsForAnonymousContent leaks ContentInfo::mStyleContext

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Platform:
x86_64
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: heycam, Unassigned)

Details

Attachments

(1 file)

patch
1.19 KB, patch
Details | Diff | Splinter Review
Attached patch patchSplinter Review 
nsCSSFrameConstructor::AddFCItemsForAnonymousContent calls forget on nsIAnonymousContentCreator::ContentInfo::mStyleContext and assigning that directly to an nsRefPtr.  This leaks the style context.
Attachment #8557679 - Flags: review?(roc)
Comment on attachment 8557679 [details] [diff] [review]
patch

Review of attachment 8557679 [details] [diff] [review]:
-----------------------------------------------------------------

::: layout/base/nsCSSFrameConstructor.cpp
@@ +10259,5 @@
>      nsRefPtr<nsStyleContext> styleContext;
>      TreeMatchContext::AutoParentDisplayBasedStyleFixupSkipper
>        parentDisplayBasedStyleFixupSkipper(aState.mTreeMatchContext);
>      if (aAnonymousItems[i].mStyleContext) {
> +      styleContext = Move(aAnonymousItems[i].mStyleContext);

I feel stupid but I don't understand the problem here. forget() clears mStyleContext and returns an already_AddRefed<nsStyleContext>. We store that in styleContxt. So no refcounts are changed and the ref is moved. What's wrong with the current code?
Attachment #8557679 - Flags: review?(roc)
Ah, my mistake.  I looked up forget() on nsAutoPtr, not nsRefPtr, and saw that it returned a raw pointer.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: