Webshell leak when closing any page with meta refresh

RESOLVED FIXED in mozilla1.8rc1

Status

()

Product:
Core
Component:
Document Navigation
P1
normal
RESOLVED FIXED
Reported:
12 years ago
Modified:
12 years ago

People

(Reporter: mrbkap, Assigned: bz)

Tracking

(4 keywords)

Version:
Trunk
Target:
mozilla1.8rc1
x86
Linux
Keywords:
fixed1.8, mlk, regression, testcase
Points:
---
Bug Flags:
blocking1.8rc1 +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments, 1 obsolete attachment)

testcase
46 bytes, text/html
Details
Updated to comments
3.15 KB, patch
asa
: approval1.8rc1+
Details | Diff | Splinter Review
(Reporter)

Description

12 years ago 
I noticed today that visiting http://tinderbox.mozilla.org/SeaMonkey caused us
to leak webshells (the last line I get while shutting down is --WEBSHELL
0x86c1268 == 3).

STEPS TO REPRODUCE:
1. Start browser with the URL http://tinderbox.mozilla.org/SeaMonkey/
2. Close browser.
3. Notice the leaks.

I confirmed that I see this both on trunk and the 1.8 branch.
(Reporter)

Comment 1

12 years ago 
Created attachment 199858 [details]
testcase

More digging shows that simply loading this testcase and closing the browser
causes a leak.
 (Reporter)

Updated

12 years ago
Keywords: testcase
 (Reporter)

Comment 2

12 years ago 
bz debugged this and pointed his finger at bug 301358. This leak affects any
pages that use <meta http-equiv='refresh'> and bz says it's a big leak, so I'm
nominating this to block 1.8rc1.
Blocks: 301358
Flags: blocking1.8rc1?
 (Assignee)

Comment 3

12 years ago 
Created attachment 199861 [details] [diff] [review]
Proposed fix

This just makes sure to cancel all the timers in Destroy().
Attachment #199861 - Flags: superreview?(bryner)
Attachment #199861 - Flags: review?(darin)
Attachment #199861 - Flags: superreview?(bryner) → superreview+

Comment 4

12 years ago 
Comment on attachment 199861 [details] [diff] [review]
Proposed fix

>+    // Cancel any timers that were set for this docshell; this is need
>+    // to break the cycle between us and the timers.
>+    CancelRefreshURITimers();

"this is need[ed] to break..."


>+DoCancelRefreshURITimers(nsISupportsArray* aTimerList)
> {
...
>     }
> 
>+}

nit: kill this blank line


r=darin
Attachment #199861 - Flags: review?(darin) → review+
 (Assignee)

Comment 5

12 years ago 
Created attachment 199877 [details] [diff] [review]
Updated to comments
Assignee: adamlock → bzbarsky
Attachment #199861 - Attachment is obsolete: true
Status: NEW → ASSIGNED
 (Assignee)

Updated

12 years ago
Priority: -- → P1
Target Milestone: --- → mozilla1.8rc1
 (Assignee)

Comment 6

12 years ago 
Comment on attachment 199877 [details] [diff] [review]
Updated to comments

Requesting approval.  This fixes a leak that happens any time the user closes a
window/tab that contains a meta refresh page or navigates away from a page
which has a subframe that has a meta refresh.  We're leaking the docshell and a
bunch of stuff attached to it.

All the patch does is make sure to break the cycle with the refresh timer when
the docshell is being destroyed.  It should be quite safe.
Attachment #199877 - Flags: approval1.8rc1?
 (Assignee)

Comment 7

12 years ago 
Fixed on trunk.
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED

Updated

12 years ago
Attachment #199877 - Flags: approval1.8rc1? → approval1.8rc1+
 (Assignee)

Comment 8

12 years ago 
Fixed on branch.
Keywords: fixed1.8

Comment 9

12 years ago 
making the blocking flag match reality
Flags: blocking1.8rc1? → blocking1.8rc1+

Updated

12 years ago
Keywords: regression
Summary: Leaks while visiting tinderbox → Webshell leak when closing any page with meta refresh
You need to log in before you can comment on or make changes to this bug.