Closed Bug 1495554 Opened 6 years ago Closed 6 years ago

Call StopObserving in SVGRenderingObserver's dtor instead of individual subclasses' dtors

Categories

(Core :: SVG, enhancement, P3)

Product:
Core
Component:
SVG
Type:
enhancement

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: jwatt, Assigned: jwatt)

Details

Attachments

(1 obsolete file) 

      No description provided.
Comment on attachment 9013406 [details]
Bug 1495554. Call StopObserving in SVGRenderingObserver's dtor instead of individual subclasses' dtors. r?longsonr

Robert Longson [:longsonr] has approved the revision.
Attachment #9013406 - Flags: review+
Pushed by jwatt@jwatt.org:
https://hg.mozilla.org/integration/mozilla-inbound/rev/28792d9adea2
Call StopObserving in SVGRenderingObserver's dtor instead of individual subclasses' dtors. r=longsonr
Oops! StopObserving() itself is not virtual, but it calls the virtual function GetReferencedElementWithoutObserving and of course calling virtual methods during destruction is hazardous.

Specifically what happens here I believe is that when the SVGRenderingObserver dtor is called the vtable in use is the vtable for SVGRenderingObserver, not the vtable for the original, fully derived subclass type of the object being destroyed. That vtable has no entry for GetReferencedElementWithoutObserving (which is pure virtual at that level in the type hierarchy). I'm not sure what behavior the spec defines at that point, but crashing immediately in SVGRenderingObserver::StopObserving at the GetReferencedElementWithoutObserving call does indeed seem like the best course of action.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(jwatt)
Resolution: --- → INVALID
Attachment #9013406 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: