Last Comment Bug 674658 - nsDOMEventTargetWrapperCache fails to unlink inherited fields
: nsDOMEventTargetWrapperCache fails to unlink inherited fields
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: DOM (show other bugs)
: Other Branch
: All All
: -- normal (vote)
: ---
Assigned To: Olli Pettay [:smaug]
:
:
Mentors:
Depends on:
Blocks: 423032
  Show dependency treegraph
 
Reported: 2011-07-27 13:13 PDT by Andrew McCreight [:mccr8]
Modified: 2011-07-28 13:00 PDT (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Attachments
patch (1.17 KB, patch)
2011-07-28 11:21 PDT, Olli Pettay [:smaug] 		bent.mozilla: review+
Details | Diff | Splinter Review
View All Add an attachment (proposed patch, testcase, etc.)

Description Andrew McCreight [:mccr8] 2011-07-27 13:13:09 PDT 
In content/base/src/nsDOMEventTargetWrapperCache.cpp:

NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(nsDOMEventTargetWrapperCache,
                                                  nsDOMEventTargetHelper)
  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_SCRIPT_OBJECTS
NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END

NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsDOMEventTargetWrapperCache)
  NS_IMPL_CYCLE_COLLECTION_UNLINK_PRESERVED_WRAPPER
NS_IMPL_CYCLE_COLLECTION_UNLINK_END

The Traverse function calls its parent's traverse, but Unlink does not.

This results in 3 fields not being unlinked:

Unrefed fields in nsDOMEventTargetWrapperCache::cycleCollection::Unlink(void*):
  (/home/amccreight/tm/content/base/src/nsDOMEventTargetWrapperCache.cpp:61:1)
    nsDOMEventTargetHelper::mListenerManager
    nsDOMEventTargetHelper::mOwner
    nsDOMEventTargetHelper::mScriptContext

Found using my cycle collector static analysis.
Comment 1 Olli Pettay [:smaug] 2011-07-28 11:21:31 PDT 
Created attachment 549179 [details] [diff] [review]
patch
Comment 2 Olli Pettay [:smaug] 2011-07-28 13:00:20 PDT 
http://hg.mozilla.org/mozilla-central/rev/45caaf30e1fe
Note You need to log in before you can comment on or make changes to this bug.