Closed
Bug 132325
Opened 22 years ago
Closed 22 years ago
LiveConnect holds stale MRJ Plugin references
Categories
(Core Graveyard :: Java: OJI, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla1.0
People
(Reporter: bnesse, Assigned: bnesse)
References
()
Details
(Keywords: crash, memory-leak, Whiteboard: nsbeta1+)
Attachments
(2 files, 2 obsolete files)
849 bytes,
patch
|
sdagley
:
review+
beard
:
superreview+
asa
:
approval+
|
Details | Diff | Splinter Review |
5.70 KB,
patch
|
beard
:
superreview+
|
Details | Diff | Splinter Review |
I'm not really sure if this belongs in LiveConnect or OJI. I believe both components may be at fault to some extent, but the initial fault lies with the plugin so OJI wins. We have lifetime issues with the connection between the MRJ Plugin and LiveConnect which are causing stale references to be maintained to deleted objects. Steps to reproduce. 1) Go to chat.yahoo.com. 2) Enter a chat room. 3) Go back to the previous page (you have to click back twice to do this). 4) Select a different chat room. -> Crash. I am fairly certain that this only happens on the Mac, and under both OS 9 and OS X (though Yahoo Chat doesn't actually work under OS 9, the code paths are the same.)
Assignee | ||
Comment 1•22 years ago
|
||
Attempting to summarize somewhat briefly... InstantiateEmbededPlugin (called to create the plugin when you enter the chat room) causes InitLiveConnectSupport() to be called. This saves a copy of the MRJ Plugin into a global. The companion function, ShutdownLiveConnectSupport(), however is only called at application shutdown via TryUnloadPlugin(). Unfortunately the plugin is deleted when you leave the page. The above commentary is somewhat of an over simplification as the object saved is an MRJPlugin, and the object released is an MRJPluginInstance. I don't have the stack in front of me, but the crash occurs when accessing deleted members (of the PluginInstance I expect) which are assumed to be valid somewhere along the calling chain (I believe Java_netscape_javascript_JSObject_getWindow() is the initiator.)
Assignee | ||
Comment 2•22 years ago
|
||
After a lot of digging, it turns out that the stale reference exists in the list of plugin instances held by the plugin. This reference is not removed from the list because some of the JS->Java connectivity routines are not releasing addrefed plugin instances properly.
Keywords: mlk
Assignee | ||
Comment 3•22 years ago
|
||
Patch to fix the classic plugin leaks.
Assignee | ||
Comment 4•22 years ago
|
||
Patch to fix the Carbon plugin leaks.
Assignee | ||
Comment 5•22 years ago
|
||
The OS X patch also contains some bulletproofing code to replace exception handing code that was ifdefed out. cc'ing Tony so he can get his feet wet in this stuff by reviewing these patchs. :)
Updated•22 years ago
|
Attachment #75436 -
Flags: needs-work+
Comment 6•22 years ago
|
||
Comment on attachment 75436 [details] [diff] [review] OS X patch I'm not sure why the throwing of a NullPointerException code was commented out. I'd rather throw an exception than fail silently. It would make the patch smaller to just bring that code back. :)
Comment 7•22 years ago
|
||
Comment on attachment 75435 [details] [diff] [review] OS 9 patch sr=beard
Attachment #75435 -
Flags: superreview+
Assignee | ||
Comment 8•22 years ago
|
||
Patch as per beard's comments.
Attachment #75436 -
Attachment is obsolete: true
Comment 9•22 years ago
|
||
Comment on attachment 76002 [details] [diff] [review] Revised OS X patch r=sdagley
Attachment #76002 -
Flags: review+
Comment 10•22 years ago
|
||
Comment on attachment 75435 [details] [diff] [review] OS 9 patch r=sdagley
Attachment #75435 -
Flags: review+
Comment 11•22 years ago
|
||
Comment on attachment 75435 [details] [diff] [review] OS 9 patch a=asa (on behalf of drivers) for checkin to the 1.0 trunk
Attachment #75435 -
Flags: approval+
Comment 12•22 years ago
|
||
Comment on attachment 76002 [details] [diff] [review] Revised OS X patch Ooops, I don't believe GetCurrentInstance(env) bumps increases the reference count of the plugin instance, so the NS_RELEASE in ~EvalMessage() isn't correct. Perhaps we should write another GetCurrentInstance(jsobject applet) that doesn't bump the refCount for consistency.
Attachment #76002 -
Flags: needs-work+
Assignee | ||
Comment 13•22 years ago
|
||
Oh crap...you're right. I was confused by the commented out call to
getPluginInstance in the line above.
>Perhaps we should write another GetCurrentInstance(jsobject applet) that
>doesn't bump the refCount for consistency.
I'm sorry, you lost me here. Are you suggesting that we should just call
GetCurrentInstance instead of getPluginInstance in the ..._getWindow function?
Comment 14•22 years ago
|
||
I'm saying write another version of GetCurrentInstance() that walks the list, and doesnt' do any reference counting at all.
Updated•22 years ago
|
Whiteboard: nsbeta1 → nsbeta1+
Assignee | ||
Comment 15•22 years ago
|
||
I think this is what Patrick is looking for. :)
Attachment #76002 -
Attachment is obsolete: true
Comment 16•22 years ago
|
||
Comment on attachment 76824 [details] [diff] [review] New OS X patch sr=beard
Attachment #76824 -
Flags: superreview+
Assignee | ||
Comment 17•22 years ago
|
||
Fix checked in for OS X.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 18•22 years ago
|
||
Brian, I just tested on Mac OS 10.1.4, MRJ: 1.0fc1, using branch build (2002-04-29-05-1.0.0) BSteps to reproduce. 1) Go to http://chat.yahoo.com. 2) Enter a chat room. 3) Go back to the previous page (you have to click back twice to do this). Sometimes the browser quits by itself and most of the time, it hangs. I couldn't able go to step#4: Select another chat room. --------------------------- Tested on Mac OS 10.1.4,MRJ: 1.0fc1, using commercial trunk build (2002-04-29-08-TRUNK), it works fine without crashing/hanging! Brian, is this one fixed only on trunk build only? If like this, should I mark "verified" instead? Please let me know. Thanks!
Assignee | ||
Comment 19•22 years ago
|
||
There is no branch/trunk build for the MRJ Plugin. If indeed it fails on the branch, and works on the trunk, that is a different bug.
You need to log in
before you can comment on or make changes to this bug.
Description
•