Closed
Bug 1335321
Opened 8 years ago
Closed 8 years ago
stylo: Unsafe parallel refcount drop in CachedBorderImageData::PurgeCachedImages
Categories
(Core :: CSS Parsing and Computation, defect)
Core
CSS Parsing and Computation
Tracking
()
RESOLVED
FIXED
mozilla54
| Tracking | Status | |
|---|---|---|
| firefox54 | --- | fixed |
People
(Reporter: bholley, Unassigned)
References
Details
Attachments
(1 file)
> > Error: AddRef/Release on nsISupports
> > Location: nsCOMArray.cpp:void ReleaseObjects(class nsTArray<nsISupports*>*)
> > @ xpcom/glue/nsCOMArray.cpp:272
> > Stack Trace:
> > void nsCOMArray_base::Clear() @ xpcom/glue/nsCOMArray.cpp:281
> > void CachedBorderImageData::PurgeCachedImages() @
> > layout/style/nsStyleStruct.cpp:2044
> > void nsStyleImage::SetImageRequest(struct
> > already_AddRefed<nsStyleImageRequest>) @ layout/style/nsStyleStruct.cpp:2150
> > Gecko_SetUrlImageValue @ layout/style/ServoBindings.cpp:752
|
Reporter | |
Comment 1•8 years ago
|
||
Manish, you were working on this code, right? WDYT?
Flags: needinfo?(manishearth)
|
||
Comment 2•8 years ago
|
||
I think heycam will have a better idea -- he did the final implementation of the url image stuff.
Flags: needinfo?(manishearth) → needinfo?(cam)
|
|
Reporter | |
Comment 3•8 years ago
|
||
Some naive options:
* Check IsInServoTraversal in PurgeCachedImages, and NS_ReleaseOnMainThread if so.
* Queue up this work (on the servo side) in SequentialTasks to execute post-traversal.
| Comment hidden (mozreview-request) |
|
||
Updated•8 years ago
|
Flags: needinfo?(cam)
|
|
Reporter | |
Comment 5•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8839141 [details]
Bug 1335321 - stylo: Do CachedBorderImageData::PurgeCachedImages work on the main thread.
https://reviewboard.mozilla.org/r/113864/#review115456
::: layout/style/nsStyleStruct.cpp:2074
(Diff revision 1)
> CachedBorderImageData::PurgeCachedImages()
> {
> + if (ServoStyleSet::IsInServoTraversal()) {
> + RefPtr<PurgeCachedImagesTask> task = new PurgeCachedImagesTask();
> + task->mSubImages.SwapElements(mSubImages);
> + NS_DispatchToMainThread(task.forget());
Maybe add a comment saying that this won't proxy if we're already on the main thread, and that's fine.
Attachment #8839141 -
Flags: review?(bobbyholley) → review+
| Comment hidden (mozreview-request) |
Pushed by cmccormack@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b393d50b5ed8
stylo: Do CachedBorderImageData::PurgeCachedImages work on the main thread. r=bholley
|
||
Comment 8•8 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox54:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
You need to log in
before you can comment on or make changes to this bug.
Description
•