The findbar doesn't happen to work on about:config, but I did it by accident and found this: ###!!! ASSERTION: Fault in cycle collector: traversed refs exceed refcount (ptr: 15b8e40) : 'Not Reached', file nsCycleCollector.cpp, line 892
Steps to reproduce: 1.) start Minefield 2.) type about:config into the location bar 3.) use the findbar and try to search for a string 4.) close the browser
Created attachment 268847 [details] cycle collection graph at the moment of the fault This shows the node in question that's fauling: it's an nsXULPrototypeNode that has a refcount of 1 but appears to be strongly owned by both a parent nsXULPrototypeNode and a parent nsGenericElement. Note that this pattern repeats across the graph. We're fauling on the first, but not only, instance of a dually-owned nsXULPrototypeNode with refcnt=1. I don't really know the content ownership model well enough to say which of those is correct, but someone broke the rules.
Boris, do you know how this ownership model works?
Assignee: nobody → graydon
Flags: blocking1.9? → blocking1.9+
I'm guessing the problem is that nsXULPrototypeElement::ReleaseSubtree doesn't null out the pointers in question. So if the prototype survives past that call, any traversal through it will lead to problems, no? Does nulling out the pointers in that method help? This business of prototype nodes holding refs to themselves is really quite silly; we should fix it sometime...
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 386947
You need to log in before you can comment on or make changes to this bug.