Closed Bug 311022 Opened 16 years ago Closed 16 years ago
.6 .2 exposes window wrapper proliferation when enumerating
This is probably a split window bug exposed by the fix for bug 308856. We see stacks overflowing via MarkSharpObjects, starting with a window.arguments Array, descending through 0 to a window object, through its 'window' property to a new and different flat JSObject for an XPCNativeWrapper for the same native identity pointer, etc. etc. Somewhere under nsWindowSH::GetProperty we are rewrapping when we should be finding a native wrapper. Or perhaps we're doing some outer=>inner=>outer dance that causes the same result. /be
Target Milestone: --- → mozilla1.8beta5
bz pointed me at this on IRC. We can't fall into the GetNewOrUsed case because that always returns an implicit wrapper. This patch prevents us from creating lots of new wrappers for the same object, and simply returns the one that we've already created.
The other patch was an old one, this one is current.
Comment on attachment 198514 [details] [diff] [review] Move the test to where it's needed sr=jst
Attachment #198514 - Flags: superreview?(jst) → superreview+
Comment on attachment 198514 [details] [diff] [review] Move the test to where it's needed r=bzbarsky. This should probably go in on branch too -- it's a very safe fix and makes greasemonkey a lot happier.
Comment on attachment 198514 [details] [diff] [review] Move the test to where it's needed a=me, we have high confidence in spite of high regression rate overall. This code is better than the average, and the patch is only gonna make the bad case go away. /be
Attachment #198514 - Flags: approval1.8b5? → approval1.8b5+
Fix checked in, MOZILLA_1_8_BRANCH and trunk.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.