Closed
Bug 624186
Opened 14 years ago
Closed 11 years ago
Arguments.callee.caller leaks a docshell, window, etc when spanning a JSM boundary
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: clever, Unassigned)
References
Details
(Keywords: memory-leak, regression, Whiteboard: [MemShrink:P3])
Attachments
(2 files, 1 obsolete file)
126.52 KB,
text/plain
|
Details | |
2.94 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0b9pre) Gecko/20110108 Firefox/4.0b9pre
Build Identifier:
using arguments.callee.caller from a JSM can trigger an xpcom leak
nsStringStats
=> mAllocCount: 58343
=> mReallocCount: 2921
=> mFreeCount: 51739 -- LEAKED 6604 !!!
=> mAdoptCount: 1873
=> mAdoptFreeCount: 1871 -- LEAKED 2 !!!
Reproducible: Always
Steps to Reproduce:
1. install the attached .xpi on a debug build of firefox
2. close firefox
3. look at stdout
--enable-application=browser --enable-debug --enable-jemalloc --enable-optimize=-O2
Built from https://hg.mozilla.org/mozilla-central/rev/df3c1150dd7a
Attachment #502287 -
Attachment mime type: application/octet-stream → text/plain
Component: General → XPConnect
Product: Firefox → Core
QA Contact: general → xpconnect
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: refcount leak jsm arguments callee caller → Arguments.callee.caller leaks when spanning a JSM boundary
Comment 3•14 years ago
|
||
Here's what's in the XPI.
modules/debuger.js, in its entirety:
> var EXPORTED_SYMBOLS = [ 'get_debug' ];
>
> function MAIN_debug () {
> arguments.callee.caller;
> }
> function get_debug() {
> return function local_debug() {
> dump(arguments.callee.caller);
> MAIN_debug();
> dump('leaking');
> }
> }
A script in chrome/overlay.xul does this:
> function crash() {
> var debuger = Components.utils.import("resource://earthangel/debuger.js");
> var debug = debuger.get_debug('foo');
> debug('test');
> }
> crash();
(Clever confirmed for me that despite its name, this function doesn't crash; it just leaks.)
Apart from the usual boilerplate, that's it.
Comment 4•14 years ago
|
||
jorendorff, should this block (hard, soft, or 2.x)?
Comment 5•14 years ago
|
||
(In reply to comment #4)
> jorendorff, should this block (hard, soft, or 2.x)?
Let's ask this question officially!
blocking2.0: --- → ?
Keywords: mlk
Summary: Arguments.callee.caller leaks when spanning a JSM boundary → Arguments.callee.caller leaks a docshell, window, etc when spanning a JSM boundary
Comment 6•14 years ago
|
||
njn/jorendorff - drivers need more info to understand blocking here. How frequently would the leak be encountered, how painful, is it a regression?
Comment 7•14 years ago
|
||
Andreas, Blake, should this block?
Comment 9•14 years ago
|
||
I don't know anything about this code and jorendorff told me he doesn't either, so Andreas or Blake will need to decide.
Comment 10•14 years ago
|
||
Is this a regression?
Updated•14 years ago
|
Keywords: regressionwindow-wanted
Comment 11•14 years ago
|
||
Andreas says this is liveable if it's not a regression, but we don't know yet. Who can determine that and re-nom if so?
blocking2.0: ? → -
Keywords: qawanted
I can do that tonight if nobody beats me to it.
This is a bit odd, overlaying browser.xul is essential to the leak. I've reduced this to a testcase, looking for a known good build now.
Attachment #502285 -
Attachment is obsolete: true
This is a regression from 3.6. Continuing to bisect.
blocking2.0: - → ?
Keywords: regression
Reporter | ||
Comment 16•14 years ago
|
||
with my past testing, i couldnt get it to leak multiple times, so it wont snowball out of control and use up all ram
Comment 15 is bogus, this is not a regression from 3.6. The behavior of the test suite changed such that the test does not leak before http://hg.mozilla.org/mozilla-central/rev/13153bb68e1b, but the extension version leaks on 3.6.
blocking2.0: ? → ---
Updated•13 years ago
|
Blocks: mlk-fx4-beta
Updated•13 years ago
|
Whiteboard: [MemShrink:P3]
Comment 18•11 years ago
|
||
Build identifier: Mozilla/5.0 (X11; Linux i686; rv:25.0) Gecko/20130711 Firefox/25.0
WFM on the above build (latest Nightly) with the steps from bug description. Please reopen if it occurs again.
Status: NEW → RESOLVED
Closed: 11 years ago
Keywords: qawanted,
regressionwindow-wanted
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•