CycleCollector fault when using findbar on about:config

RESOLVED DUPLICATE of bug 386947

Status

()

Core
XPCOM
RESOLVED DUPLICATE of bug 386947
11 years ago
11 years ago

People

(Reporter: Robert Sayre, Assigned: graydon)

Tracking

Trunk
x86
Linux
Points:
---
Bug Flags:
blocking1.9 +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

11 years ago
The findbar doesn't happen to work on about:config, but I did it by accident and found this:

###!!! ASSERTION: Fault in cycle collector: traversed refs exceed refcount (ptr: 15b8e40)
: 'Not Reached', file nsCycleCollector.cpp, line 892
(Reporter)

Comment 1

11 years ago
Steps to reproduce:

1.) start Minefield
2.) type about:config into the location bar
3.) use the findbar and try to search for a string
4.) close the browser

Updated

11 years ago
Version: unspecified → Trunk
(Assignee)

Comment 2

11 years ago
Created attachment 268847 [details]
cycle collection graph at the moment of the fault

This shows the node in question that's fauling: it's an nsXULPrototypeNode that has a refcount of 1 but appears to be strongly owned by both a parent nsXULPrototypeNode and a parent nsGenericElement. 

Note that this pattern repeats across the graph. We're fauling on the first, but not only, instance of a dually-owned nsXULPrototypeNode with refcnt=1.

I don't really know the content ownership model well enough to say which of those is correct, but someone broke the rules.

Comment 3

11 years ago
Boris, do you know how this ownership model works?
Assignee: nobody → graydon
Flags: blocking1.9? → blocking1.9+
I'm guessing the problem is that nsXULPrototypeElement::ReleaseSubtree doesn't null out the pointers in question.  So if the prototype survives past that call, any traversal through it will lead to problems, no?  Does nulling out the pointers in that method help?

This business of prototype nodes holding refs to themselves is really quite silly; we should fix it sometime...
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 386947

Updated

11 years ago
Flags: blocking1.9+
(Reporter)

Updated

11 years ago
Flags: blocking1.9+
You need to log in before you can comment on or make changes to this bug.