Open
Bug 265788
Opened 21 years ago
Updated 10 months ago
Pref API is happy to free observer nodes which are currently being run
Categories
(Core :: Preferences: Backend, defect)
Core
Preferences: Backend
Tracking
()
NEW
People
(Reporter: bugzilla-mozilla-20000923, Unassigned)
References
Details
While working out what was going on in bug 255494, I found that pref branches
are quite happy to remove an observer that is currently running, however, in
doing this is goes and frees the observer node for it which is being used higher
in the stack!
If you look at the stack in attachment 163142 [details], you see frame 0x0D/0x0C are
running the callback - which has it's memory freed in frame 0x00.
|
Reporter | |
Comment 1•21 years ago
|
||
The problem is that when the observer finally unwides, it finds itself without a
valid |node| at
http://lxr.mozilla.org/mozilla/source/modules/libpref/src/prefapi.cpp#862 and
crashes on MacOSX and FreeBSD. I don't know why it doesn't crash on Win/Lin -
but I know the memory is freed on Win32 at least.
|
||
Comment 2•21 years ago
|
||
hm... is bug 218042 related?
|
|
Reporter | |
Comment 3•21 years ago
|
||
That appears to be the same basic issue, though occuring quite differently (it
looks like the pref system is observing the change and releasing the observer,
rather than some external code).
|
||
Comment 4•17 years ago
|
||
(Filter "spam" on 'prefs-nobody-20080612'.)
Assignee: prefs → nobody
QA Contact: prefs
|
||
Updated•16 years ago
|
QA Contact: preferences → preferences-backend
|
||
Updated•3 years ago
|
Severity: normal → S3
|
||
Updated•10 months ago
|
Flags: needinfo?(documentation)
You need to log in
before you can comment on or make changes to this bug.
Description
•