Closed Bug 674658 Opened 9 years ago Closed 9 years ago

nsDOMEventTargetWrapperCache fails to unlink inherited fields

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
Other Branch
Type:
defect
Priority:
Not set

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mccr8, Assigned: smaug)

References

Details

Attachments

(1 file)

patch
1.17 KB, patch
bent.mozilla
: review+
Details | Diff | Splinter Review 
In content/base/src/nsDOMEventTargetWrapperCache.cpp:

NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(nsDOMEventTargetWrapperCache,
                                                  nsDOMEventTargetHelper)
  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_SCRIPT_OBJECTS
NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END

NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsDOMEventTargetWrapperCache)
  NS_IMPL_CYCLE_COLLECTION_UNLINK_PRESERVED_WRAPPER
NS_IMPL_CYCLE_COLLECTION_UNLINK_END

The Traverse function calls its parent's traverse, but Unlink does not.

This results in 3 fields not being unlinked:

Unrefed fields in nsDOMEventTargetWrapperCache::cycleCollection::Unlink(void*):
  (/home/amccreight/tm/content/base/src/nsDOMEventTargetWrapperCache.cpp:61:1)
    nsDOMEventTargetHelper::mListenerManager
    nsDOMEventTargetHelper::mOwner
    nsDOMEventTargetHelper::mScriptContext

Found using my cycle collector static analysis.
Blocks: 423032
Assignee: nobody → Olli.Pettay
Attached patch patchSplinter Review
Attachment #549179 - Flags: review?(bent.mozilla)
Attachment #549179 - Flags: review?(bent.mozilla) → review+
http://hg.mozilla.org/mozilla-central/rev/45caaf30e1fe
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.