Bug 386294: leak nsJSRuntime due to unbalanced HoldScriptObject(nsnull)
Status: RESOLVED FIXED (Closed)
Opened 17 years ago, Closed 17 years ago
Categories: Core :: DOM: Core & HTML, defect
People: Reporter: dbaron, Assigned: dbaron
Keywords: memory-leak
Attachments (1 file): 2.57 KB, patch (jst: review+, jst: superreview+)

We leak an nsJSRuntime on Firefox startups when we're reading from fastload because we leak references of the sHoldScriptRootCount in nsContentUtils. This is because one of the nsXULPrototypeScript deserialization codepaths calls mScriptObject.set(nsnull), which calls HoldScriptObject(nsnull), which works since js_LockGCThingRT silently no-ops on null input, and then checks mScriptObject.mObject to see if it has already called HoldScriptObject, and then does it again with a good pointer. This leads to sHoldScriptRootCount ending up off.

There's a question of how far we should allow the null. We could allow it in nsContentUtils::ScriptObjectHolder, but I think we have to detect it in or before nsContentUtils::HoldScriptObject/DropScriptObject. However, my inclination is to forbid it from both and make the caller not pass null.
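
A simplified, self-contained model of the counting problem described in this report, added here as an illustration; it is not Mozilla code and not the attached patch. `gHoldCount` stands in for sHoldScriptRootCount and `gRuntimeAlive` for the nsJSRuntime reference; `Holder`, `HoldUnchecked`, `HoldChecked`, `Drop` and `ReplayDeserialize` are hypothetical names, and rejecting null by returning false is an assumption about one way to forbid it.

```cpp
// Simplified model of an unbalanced hold count (hypothetical names, not Mozilla source).
#include <cstdio>

static int gHoldCount = 0;          // stands in for sHoldScriptRootCount
static bool gRuntimeAlive = false;  // stands in for the nsJSRuntime reference

// Unchecked hold: null is counted like any other pointer.
bool HoldUnchecked(void* obj) {
    (void)obj;  // the underlying GC lock is modelled as a silent no-op on null
    if (++gHoldCount == 1) gRuntimeAlive = true;
    return true;
}

// Checked hold (assumed form of the fix): null never reaches the counter.
bool HoldChecked(void* obj) {
    if (!obj) return false;
    return HoldUnchecked(obj);
}

void Drop() { if (--gHoldCount == 0) gRuntimeAlive = false; }

// Holder that only drops when it believes it holds something.
struct Holder {
    bool (*hold)(void*);
    void* mObject;
    explicit Holder(bool (*h)(void*)) : hold(h), mObject(nullptr) {}
    void set(void* obj) { if (hold(obj)) mObject = obj; }
    void drop() { if (mObject) { Drop(); mObject = nullptr; } }
};

// Replays the path from the report: set(null), see mObject still empty,
// set a real pointer, then drop once. Returns the leftover hold count.
int ReplayDeserialize(bool (*hold)(void*)) {
    gHoldCount = 0; gRuntimeAlive = false;
    int script = 0;                  // constructed stand-in for a script object
    Holder h(hold);
    h.set(nullptr);
    if (!h.mObject) h.set(&script);
    h.drop();
    return gHoldCount;
}

bool RuntimeLeaked() { return gRuntimeAlive; }

int main() {
    std::printf("unchecked leftover holds: %d\n", ReplayDeserialize(HoldUnchecked));
    std::printf("checked leftover holds:   %d\n", ReplayDeserialize(HoldChecked));
    return 0;
}
```

The unchecked run ends with one hold that no `drop()` will ever release, so the modelled runtime stays alive; the checked run returns to zero.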

Comment 1 (Assignee) • 17 years ago
Attachment #270289 - Flags: superreview?(jst)
Attachment #270289 - Flags: review?(jst)

Updated • 17 years ago
Attachment #270289 - Flags: superreview?(jst)
Attachment #270289 - Flags: superreview+
Attachment #270289 - Flags: review?(jst)
Attachment #270289 - Flags: review+

Comment 2 (Assignee) • 17 years ago
Checked in to trunk.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED

Updated • 5 years ago
Component: DOM → DOM: Core & HTML