nsDOMEventTargetWrapperCache fails to unlink inherited fields

RESOLVED FIXED

Status

()

Product:
Core
Component:
DOM
RESOLVED FIXED
Reported:
6 years ago
Modified:
6 years ago

People

(Reporter: mccr8, Assigned: smaug)

Tracking

Version:
Other Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

patch
1.17 KB, patch
Ben Turner (not reading bugmail, use the needinfo flag!)
: review+
Details | Diff | Splinter Review
(Reporter)

Description

6 years ago 
In content/base/src/nsDOMEventTargetWrapperCache.cpp:

NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(nsDOMEventTargetWrapperCache,
                                                  nsDOMEventTargetHelper)
  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_SCRIPT_OBJECTS
NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END

NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsDOMEventTargetWrapperCache)
  NS_IMPL_CYCLE_COLLECTION_UNLINK_PRESERVED_WRAPPER
NS_IMPL_CYCLE_COLLECTION_UNLINK_END

The Traverse function calls its parent's traverse, but Unlink does not.

This results in 3 fields not being unlinked:

Unrefed fields in nsDOMEventTargetWrapperCache::cycleCollection::Unlink(void*):
  (/home/amccreight/tm/content/base/src/nsDOMEventTargetWrapperCache.cpp:61:1)
    nsDOMEventTargetHelper::mListenerManager
    nsDOMEventTargetHelper::mOwner
    nsDOMEventTargetHelper::mScriptContext

Found using my cycle collector static analysis.
 (Reporter)

Updated

6 years ago
Blocks: 423032
 (Assignee)

Updated

6 years ago
Assignee: nobody → Olli.Pettay
 (Assignee)

Comment 1

6 years ago 
Created attachment 549179 [details] [diff] [review]
patch
Attachment #549179 - Flags: review?(bent.mozilla)
Attachment #549179 - Flags: review?(bent.mozilla) → review+
 (Assignee)

Comment 2

6 years ago 
http://hg.mozilla.org/mozilla-central/rev/45caaf30e1fe
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.