Closed Bug 614149 Opened 15 years ago Closed 12 years ago

Leak imgRequest when a javascript: URL appears as background and background-in-SVG-background

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
blocking2.0 --- -

People

(Reporter: jruderman, Assigned: joe)

References

Details

(Keywords: memory-leak, testcase)

Attachments

(2 files)

testcase
424 bytes, text/html
Details
leak log
2.62 KB, text/plain
Details
Attached file testcase
No description provided.
Attached file leak log
###!!! ASSERTION: Serial number requested for unrecognized pointer! Are you memmoving a refcounted object?: 'serialno != 0', file /home/khuey/dev/mozilla-central2/xpcom/base/nsTraceRefcntImpl.cpp, li ne 1016 NS_LogAddRef_P (/home/khuey/dev/mozilla-central2/xpcom/base/nsTraceRefcntImpl.cpp:1017) imgRequestProxy::AddRef() (/home/khuey/dev/mozilla-central2/modules/libpr0n/src/imgRequestProxy.cpp: 60) NS_TableDrivenQI(void*, QITableEntry const*, nsID const&, void**) (/home/khuey/dev/mozilla-central2/ obj-x86_64-unknown-linux-gnu/xpcom/build/nsISupportsImpl.cpp:50) imgRequestProxy::QueryInterface(nsID const&, void**) (/home/khuey/dev/mozilla-central2/modules/libpr 0n/src/imgRequestProxy.cpp:60) nsQueryInterface::operator()(nsID const&, void**) const (/home/khuey/dev/mozilla-central2/obj-x86_64 -unknown-linux-gnu/xpcom/build/nsCOMPtr.cpp:47) nsCOMPtr<imgIRequest>::assign_from_qi(nsQueryInterface, nsID const&) (/home/khuey/dev/mozilla-centra l2/obj-x86_64-unknown-linux-gnu/accessible/src/html/../../../dist/include/nsCOMPtr.h:1212) nsCOMPtr (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-linux-gnu/accessible/src/html/../../.. /dist/include/nsCOMPtr.h:596) nsCOMPtr<imgIRequest>::Assert_NoQueryNeeded() (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-l inux-gnu/accessible/src/html/../../../dist/include/nsCOMPtr.h:544) nsCOMPtr (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-linux-gnu/layout/xul/base/src/tree/src /../../../../../../dist/include/nsCOMPtr.h:580) imgStatusTracker::EmulateRequestFinished(imgRequestProxy*, unsigned int, int) (/home/khuey/dev/mozil la-central2/modules/libpr0n/src/imgStatusTracker.cpp:279) imgRequest::RemoveProxy(imgRequestProxy*, unsigned int, int) (/home/khuey/dev/mozilla-central2/modul es/libpr0n/src/imgRequest.cpp:330) ~imgRequestProxy (/home/khuey/dev/mozilla-central2/modules/libpr0n/src/imgRequestProxy.cpp:116) ~imgRequestProxy (/home/khuey/dev/mozilla-central2/modules/libpr0n/src/imgRequestProxy.cpp:116) imgRequestProxy::Release() (/home/khuey/dev/mozilla-central2/modules/libpr0n/src/imgRequestProxy.cpp :60) ~nsCOMPtr (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-linux-gnu/accessible/src/html/../../. ./dist/include/nsCOMPtr.h:534) ~Image (/home/khuey/dev/mozilla-central2/layout/style/nsCSSValue.cpp:1296) nsCSSValue::Image::Release() (/home/khuey/dev/mozilla-central2/layout/style/nsCSSValue.h:495) nsCSSValue::DoReset() (/home/khuey/dev/mozilla-central2/layout/style/nsCSSValue.cpp:308) nsCSSValue::Reset() (/home/khuey/dev/mozilla-central2/layout/mathml/../style/nsCSSValue.h:400) ~nsCSSValue (/home/khuey/dev/mozilla-central2/layout/mathml/../style/nsCSSValue.h:228) ~nsCSSValueList (/home/khuey/dev/mozilla-central2/layout/style/nsCSSValue.cpp:1048) ~nsCSSValueList_heap (/home/khuey/dev/mozilla-central2/layout/style/nsCSSValue.h:666) nsCSSValueList_heap::Release() (/home/khuey/dev/mozilla-central2/layout/style/nsCSSValue.h:667) nsCSSValue::DoReset() (/home/khuey/dev/mozilla-central2/layout/style/nsCSSValue.cpp:316) nsCSSValue::Reset() (/home/khuey/dev/mozilla-central2/layout/mathml/../style/nsCSSValue.h:400) ~nsCSSValue (/home/khuey/dev/mozilla-central2/layout/mathml/../style/nsCSSValue.h:228) ~nsCSSCompressedDataBlock (/home/khuey/dev/mozilla-central2/layout/style/nsCSSDataBlock.cpp:312) ~nsAutoPtr (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-linux-gnu/layout/style/../../dist/in clude/nsAutoPtr.h:104) ~Declaration (/home/khuey/dev/mozilla-central2/layout/style/Declaration.cpp:76) ~CSSStyleRuleImpl (/home/khuey/dev/mozilla-central2/layout/style/nsCSSStyleRule.cpp:1399) CSSStyleRuleImpl::Release() (/home/khuey/dev/mozilla-central2/layout/style/nsCSSStyleRule.cpp:1416) ReleaseObjects (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-linux-gnu/xpcom/build/nsCOMArray .cpp:148) nsVoidArray::EnumerateForwards(int (*)(void*, void*), void*) (/home/khuey/dev/mozilla-central2/obj-x 86_64-unknown-linux-gnu/xpcom/build/nsVoidArray.cpp:724) nsCOMArray_base::Clear() (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-linux-gnu/xpcom/build/ nsCOMArray.cpp:158) ~nsCOMArray_base (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-linux-gnu/xpcom/build/nsCOMArr ay.cpp:59) ~nsCOMArray (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-linux-gnu/layout/style/../../dist/i nclude/nsCOMArray.h:159) ~nsCSSStyleSheetInner (/home/khuey/dev/mozilla-central2/layout/style/nsCSSStyleSheet.cpp:907) nsCSSStyleSheetInner::RemoveSheet(nsCSSStyleSheet*) (/home/khuey/dev/mozilla-central2/layout/style/n sCSSStyleSheet.cpp:926) ~nsCSSStyleSheet (/home/khuey/dev/mozilla-central2/layout/style/nsCSSStyleSheet.cpp:1065) ~nsCSSStyleSheet (/home/khuey/dev/mozilla-central2/layout/style/nsCSSStyleSheet.cpp:1069) nsCSSStyleSheet::Release() (/home/khuey/dev/mozilla-central2/layout/style/nsCSSStyleSheet.cpp:1089) ~nsRefPtr (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-linux-gnu/chrome/src/../../dist/inclu de/nsAutoPtr.h:970) ~nsLayoutStylesheetCache (/home/khuey/dev/mozilla-central2/layout/style/nsLayoutStylesheetCache.cpp: 200) nsLayoutStylesheetCache::Release() (/home/khuey/dev/mozilla-central2/layout/style/nsLayoutStylesheet Cache.cpp:50) nsLayoutStylesheetCache::Shutdown() (/home/khuey/dev/mozilla-central2/layout/style/nsLayoutStyleshee tCache.cpp:162) nsLayoutStatics::Shutdown() (/home/khuey/dev/mozilla-central2/layout/build/nsLayoutStatics.cpp:352) nsLayoutStatics::Release() (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-linux-gnu/dom/base/. ./../dist/include/nsLayoutStatics.h:78) ~nsGlobalWindow (/home/khuey/dev/mozilla-central2/dom/base/nsGlobalWindow.cpp:924) ~nsGlobalWindow (/home/khuey/dev/mozilla-central2/dom/base/nsGlobalWindow.cpp:925) nsGlobalWindow::Release() (/home/khuey/dev/mozilla-central2/dom/base/nsGlobalWindow.cpp:1242) ~XPCWrappedNative (/home/khuey/dev/mozilla-central2/js/src/xpconnect/src/xpcwrappednative.cpp:931) ~XPCWrappedNative (/home/khuey/dev/mozilla-central2/js/src/xpconnect/src/xpcwrappednative.cpp:934) XPCWrappedNative::Release() (/home/khuey/dev/mozilla-central2/js/src/xpconnect/src/xpcwrappednative. cpp:1223) XPCWrappedNative::FlatJSObjectFinalized(JSContext*) (/home/khuey/dev/mozilla-central2/js/src/xpconne ct/src/xpcwrappednative.cpp:1382) XPC_WN_Helper_Finalize (/home/khuey/dev/mozilla-central2/js/src/xpconnect/src/xpcwrappednativejsops. cpp:1078) JSObject::finalize(JSContext*) (/home/khuey/dev/mozilla-central2/js/src/jsobjinlines.h:132) FinalizeArenaList<JSObject> (/home/khuey/dev/mozilla-central2/js/src/jsgc.cpp:1848) MarkAndSweep (/home/khuey/dev/mozilla-central2/js/src/jsgc.cpp:2204) GCUntilDone (/home/khuey/dev/mozilla-central2/js/src/jsgc.cpp:2482) js_GC(JSContext*, JSGCInvocationKind) (/home/khuey/dev/mozilla-central2/js/src/jsgc.cpp:2547) JS_GC (/home/khuey/dev/mozilla-central2/js/src/jsapi.cpp:2504) nsXPConnect::Collect() (/home/khuey/dev/mozilla-central2/js/src/xpconnect/src/nsXPConnect.cpp:406) nsCycleCollector::BeginCollection(int, nsICycleCollectorListener*) (/home/khuey/dev/mozilla-central2 /xpcom/base/nsCycleCollector.cpp:2580) nsCycleCollector::Collect(unsigned int, nsICycleCollectorListener*) (/home/khuey/dev/mozilla-central 2/xpcom/base/nsCycleCollector.cpp:2541) nsCycleCollector::Shutdown() (/home/khuey/dev/mozilla-central2/xpcom/base/nsCycleCollector.cpp:2803) nsCycleCollector_shutdown() (/home/khuey/dev/mozilla-central2/xpcom/base/nsCycleCollector.cpp:3503) mozilla::ShutdownXPCOM(nsIServiceManager*) (/home/khuey/dev/mozilla-central2/xpcom/build/nsXPComInit .cpp:696) NS_ShutdownXPCOM_P (/home/khuey/dev/mozilla-central2/xpcom/build/nsXPComInit.cpp:595) ~ScopedXPCOMStartup (/home/khuey/dev/mozilla-central2/toolkit/xre/nsAppRunner.cpp:1118) XRE_main (/home/khuey/dev/mozilla-central2/toolkit/xre/nsAppRunner.cpp:3721) main (/home/khuey/dev/mozilla-central2/browser/app/nsBrowserApp.cpp:158) __libc_start_main (/usr/src/debug/glibc-2.12.1-7-gfc0ed7b/csu/libc-start.c:258) _start (/home/khuey/dev/mozilla-central2/obj-x86_64-unknown-linux-gnu/dist/bin/firefox-bin)
Memmoving refcounted objects would be ... odd. Need to sort this out, I think.
blocking2.0: --- → ?
Component: SVG → ImageLib
QA Contact: general → imagelib
Probably somebody has an nsTArray of XPCOM objects.
That makes no sense to do, though. If someone has has that, they have a serious bug.
I don't disagree, I'm just saying that that's the easiest way to end up in that situation.
Might unblock on this, but I agree that it's a very, very worrying bug to have.
Assignee: nobody → joe
blocking2.0: ? → final+
blocking2.0: final+ → -
I've identified the cause of the assertions. They're bogus.
So, summary from the other bug (which is now WONTFIXed), the assertions are caused by QIing the imgRequestProxy during the dtor. Refcount stabilization ensures that this doesn't cause the world to explode, but depending on who you ask that's still a bug. The assertions are, however, bogus.
"The other bug" is bug 624087, for those who are curious.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: