Created attachment 392911 [details] [diff] [review] v1 nsGlobalModalWindow traverses mArguments, which is already traversed in its base class (nsGlobalWindow). This means the cycle collector might be collecting live objects. It doesn't traverse its own member mReturnValue but does unlink it. I found this from code inspection and I don't have a testcase, so no idea how bad it is. We should be nulling out pointers when unlinking so I don't think we'll end up with stale pointers.
Peter: do you think this should block the alpha? That's what P1 blockers mean at this time ...
Priority: P1 → P2
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Created attachment 415604 [details] [diff] [review] v1 (1.9.1 branch version) This fixes the leaks from bug 504862. Safe patch, has been on trunk since beginning of August.
blocking1.9.1: --- → .7+
status1.9.1: --- → wanted
Comment on attachment 415604 [details] [diff] [review] v1 (1.9.1 branch version) Approved for 184.108.40.206 and 220.127.116.11, a=dveditz for release-drivers Please land this before bug 504862
status1.9.1: wanted → .7-fixed
You need to log in before you can comment on or make changes to this bug.