305448 - Leaving document while script loaded via document.write is loading leaks the world

Status: RESOLVED FIXED

(Core :: DOM: HTML Parser, defect)

Description

[Boris Zbarsky [:bzbarsky]]

Steps to reproduce:

1)  Load www.cbsnews.com
2)  While it's loading, go to a different page.  Chances are, you leak the world.

The problem is that nsParser::Terminate doesn't work when we're waiting on a
document.written <script> tag to finish loading because
mParserContext->mPrevContext is not null. So we never call
HTMLContentSink::DidBuildModel, and never break the document/sink/parser
refcount  cycles.

Comment 1

[Boris Zbarsky [:bzbarsky]]

I think we should get this fixed for 1.8b4; it's a pretty big leak and very easy
to hit.

Comment 2

[Blake Kaplan (:mrbkap) (inactive)]

I'll have a patch for this soon.

Comment 3

[Blake Kaplan (:mrbkap) (inactive)]

Attachment: possible fix

This cleans up the parser contexts so that nsParser::DidBuildModel actually
believes that we're done parsing the document.

Comment 4

[Boris Zbarsky [:bzbarsky]]

Attachment: Minimal testcase

Comment 5

[Johnny Stenback (:jst)]

Comment on attachment 193462 [details] [diff] [review]
possible fix

sr=jst

Comment 6

[Blake Kaplan (:mrbkap) (inactive)]

Comment on attachment 193462 [details] [diff] [review]
possible fix

This patch is very safe (only changes our behavior when we're in this weird
case) and fixes a rather large leak (parser + document + scanner + etc.).

Comment 7

[Blake Kaplan (:mrbkap) (inactive)]

Fix checked into trunk.

Comment 8

[Blake Kaplan (:mrbkap) (inactive)]

And checked in on MOZILLA_1_8_BRANCH.