Closed Bug 305448 Opened 17 years ago Closed 17 years ago

Leaving document while script loaded via document.write is loading leaks the world

Categories

(Core :: DOM: HTML Parser, defect)

x86
Linux
defect
Not set
major

RESOLVED FIXED

People

(Reporter: bzbarsky, Assigned: mrbkap)

Details

(Keywords: fixed1.8, memory-leak)

Attachments

(2 files)

Steps to reproduce:

1)  Load www.cbsnews.com
2)  While it's loading, go to a different page.  Chances are, you leak the world.

The problem is that nsParser::Terminate doesn't work when we're waiting on a
document.written <script> tag to finish loading because
mParserContext->mPrevContext is not null. So we never call
HTMLContentSink::DidBuildModel, and never break the document/sink/parser
refcount cycles.
I think we should get this fixed for 1.8b4; it's a pretty big leak and very easy
to hit.
Flags: blocking1.8b4?
I'll have a patch for this soon.
Status: NEW → ASSIGNED
Attached patch possible fix
This cleans up the parser contexts so that nsParser::DidBuildModel actually
believes that we're done parsing the document.
Attached file Minimal testcase
Attachment #193462 - Flags: review+
Attachment #193462 - Flags: superreview?(jst)
Comment on attachment 193462
possible fix

sr=jst
Attachment #193462 - Flags: superreview?(jst) → superreview+
Comment on attachment 193462
possible fix

This patch is very safe (only changes our behavior when we're in this weird
case) and fixes a rather large leak (parser + document + scanner + etc.).
Attachment #193462 - Flags: approval1.8b4?
Fix checked into trunk.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Flags: blocking1.8b4? → blocking1.8b4+
Attachment #193462 - Flags: approval1.8b4? → approval1.8b4+
And checked in on MOZILLA_1_8_BRANCH.
Keywords: fixed1.8
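
The leak described in this bug, reduced to a small C++ model. This is an added example, not Mozilla's code and not the attached patch. `std::shared_ptr` stands in for XPCOM refcounting, and `Context`, `PushContext`, the `fixed` flag and `leaked_after_navigation` are illustrative names that do not come from the bug.

```cpp
#include <cstdio>
#include <memory>

// Simplified model of the document/sink/parser cycle; not Gecko source.
static int g_live = 0;  // live Document/Sink/Parser objects
struct Sink;
struct Parser;
struct Document {
    std::shared_ptr<Sink> sink;
    Document() { ++g_live; }
    ~Document() { --g_live; }
};
struct Context { std::unique_ptr<Context> prev; };  // models mPrevContext
struct Sink {
    std::shared_ptr<Document> doc;
    std::shared_ptr<Parser> parser;
    Sink() { ++g_live; }
    ~Sink() { --g_live; }
    void DidBuildModel() {  // the only place the cycle is broken
        parser.reset();
        if (doc) { doc->sink.reset(); doc.reset(); }
    }
};
struct Parser {
    std::shared_ptr<Sink> sink;
    std::unique_ptr<Context> ctx{new Context};
    Parser() { ++g_live; }
    ~Parser() { --g_live; }
    void PushContext() {  // a document.write() whose script is still loading
        std::unique_ptr<Context> c(new Context);
        c->prev = std::move(ctx);
        ctx = std::move(c);
    }
    void Terminate(bool fixed) {
        if (fixed)  // fixed behaviour: unwind nested contexts first
            while (ctx->prev) ctx = std::move(ctx->prev);
        if (!ctx->prev) sink->DidBuildModel();  // skipped while nested
    }
};
// Returns how many objects are still alive after the page is left.
int leaked_after_navigation(bool fixed, int pending_writes) {
    g_live = 0;
    auto doc = std::make_shared<Document>();
    auto sink = std::make_shared<Sink>();
    auto parser = std::make_shared<Parser>();
    doc->sink = sink; sink->doc = doc;
    sink->parser = parser; parser->sink = sink;
    for (int i = 0; i < pending_writes; ++i) parser->PushContext();
    parser->Terminate(fixed);
    doc.reset(); sink.reset(); parser.reset();  // navigation drops outside refs
    return g_live;
}
int main() { std::printf("%d\n", leaked_after_navigation(false, 1)); }
```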