Bug 674658

nsDOMEventTargetWrapperCache fails to unlink inherited fields

RESOLVED FIXED

Get help with this page

Status

()

Product:

Component:

Status:

RESOLVED FIXED

Reported:

8 years ago

Modified:

6 days ago

People

(Reporter: mccr8, Assigned: smaug)

Tracking

Version:

Other Branch

Target:

---

Points:

---

Blocks:

423032

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

patch 8 years ago Olli Pettay [:smaug] 1.17 KB, patch	bent.mozilla : review+	Details \| Diff \| Splinter Review

Andrew McCreight [:mccr8]

(Reporter)

Description

•

8 years ago

In content/base/src/nsDOMEventTargetWrapperCache.cpp:

NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(nsDOMEventTargetWrapperCache,
                                                  nsDOMEventTargetHelper)
  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_SCRIPT_OBJECTS
NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END

NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsDOMEventTargetWrapperCache)
  NS_IMPL_CYCLE_COLLECTION_UNLINK_PRESERVED_WRAPPER
NS_IMPL_CYCLE_COLLECTION_UNLINK_END

The Traverse function calls its parent's traverse, but Unlink does not.

This results in 3 fields not being unlinked:

Unrefed fields in nsDOMEventTargetWrapperCache::cycleCollection::Unlink(void*):
  (/home/amccreight/tm/content/base/src/nsDOMEventTargetWrapperCache.cpp:61:1)
    nsDOMEventTargetHelper::mListenerManager
    nsDOMEventTargetHelper::mOwner
    nsDOMEventTargetHelper::mScriptContext

Found using my cycle collector static analysis.

Andrew McCreight [:mccr8]

(Reporter)

Updated

•

8 years ago

Blocks: 423032

Olli Pettay [:smaug]

(Assignee)

Updated

•

8 years ago

Assignee: nobody → Olli.Pettay

Olli Pettay [:smaug]

(Assignee)

Comment 1

•

8 years ago

Posted patch patch — Details — Splinter Review

Attachment #549179 - Flags: review?(bent.mozilla)

Ben Turner (not reading bugmail, use the needinfo flag!)

Updated

•

8 years ago

Attachment #549179 - Flags: review?(bent.mozilla) → review+

Olli Pettay [:smaug]

(Assignee)

Comment 2

•

8 years ago

http://hg.mozilla.org/mozilla-central/rev/45caaf30e1fe

Status: NEW → RESOLVED

Last Resolved: 8 years ago

Resolution: --- → FIXED

Nobody; OK to take it and work on it

Updated

•

6 days ago

Component: DOM → DOM: Core & HTML

Product: Core → Core

You need to log in before you can comment on or make changes to this bug.

Bugzilla

nsDOMEventTargetWrapperCache fails to unlink inherited fields

Status

()

People

(Reporter: mccr8, Assigned: smaug)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Security

(public)

User Story

Attachments

(1 attachment)

Description

Updated

Updated

Comment 1

Updated

Comment 2

Updated