Ghostery 2.6.2 and 2.7beta2 cause zombie compartments

VERIFIED FIXED

Status

()

Firefox
Extension Compatibility
VERIFIED FIXED
5 years ago
5 years ago

People

(Reporter: whimboo, Unassigned)

Tracking

(Blocks: 1 bug)

11 Branch
All
Mac OS X
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [MemShrink:P2], URL)

(Reporter)

Description

5 years ago
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0a2) Gecko/20120113 Firefox/11.0a2 ID:20120113042010

With Ghostery 2.6.2 you will see a zombie compartment after closing mediamarkt.de:

1. Install Ghostery: https://addons.mozilla.org/firefox/addon/ghostery/
2. Click through the wizard by using default options, but select the last to checkboxes to always block content and cookies
3. Open about:memory
4. Open http://www.mediamarkt.de in a new tab
5. Close that tab
6. Click several times on minimize memory usage

After step 6 the mediamarkt compartment never gets removed.

│  ├───3,638,160 B (03.94%) -- compartment(http://www.mediamarkt.de/)
│  │   ├──2,433,024 B (02.64%) -- gc-heap
│  │   │  ├──1,278,120 B (01.38%) -- arena
│  │   │  │  ├──1,241,336 B (01.34%) -- unused
│  │   │  │  ├─────19,008 B (00.02%) -- headers
│  │   │  │  └─────17,776 B (00.02%) -- padding
│  │   │  ├────437,664 B (00.47%) -- objects
│  │   │  │    ├──291,392 B (00.32%) -- function
│  │   │  │    └──146,272 B (00.16%) -- non-function
│  │   │  ├────331,848 B (00.36%) -- shapes
│  │   │  │    ├──163,000 B (00.18%) -- tree
│  │   │  │    ├──132,000 B (00.14%) -- dict
│  │   │  │    └───36,848 B (00.04%) -- base
│  │   │  ├────299,488 B (00.32%) -- scripts
│  │   │  ├─────81,072 B (00.09%) -- type-objects
│  │   │  └──────4,832 B (00.01%) -- strings
│  │   ├────347,136 B (00.38%) -- script-data
│  │   ├────327,680 B (00.35%) -- mjit-code
│  │   ├────293,216 B (00.32%) -- shapes-extra
│  │   │    ├──150,720 B (00.16%) -- tree-tables
│  │   │    ├───69,568 B (00.08%) -- dict-tables
│  │   │    ├───40,096 B (00.04%) -- tree-shape-kids
│  │   │    └───32,832 B (00.04%) -- compartment-tables
│  │   ├─────96,944 B (00.10%) -- type-inference
│  │   │     ├──73,568 B (00.08%) -- object-main
│  │   │     └──23,376 B (00.03%) -- tables
│  │   ├─────76,912 B (00.08%) -- object-slots
│  │   ├─────57,504 B (00.06%) -- analysis-temporary
│  │   └──────5,744 B (00.01%) -- string-chars


Also there is another entry under window objects:

│        └────1,392 B (00.00%) -- other
│             ├────696 B (00.00%) -- outer-windows
│             └────696 B (00.00%) -- top=none
│                  └──696 B (00.00%) -- inner-window(id=24, uri=http://www.mediamarkt.de/)
(Reporter)

Comment 1

5 years ago
I also have added a Ghostery bug tracker entry at:
http://getsatisfaction.com/ghostery/topics/zombie_compartment_memory_leak_with_ghostery_2_6_2_installed
Blocks: 700547, 668871
Whiteboard: [MemShrink]
(Reporter)

Comment 2

5 years ago
Hm, as given by the following URL they are doing that by purpose:

http://getsatisfaction.com/ghostery/topics/is_ghostery_creating_a_zombie_compartment

Comment 3

5 years ago
(In reply to Henrik Skupin (:whimboo) from comment #2)
> Hm, as given by the following URL they are doing that by purpose:
> 
> http://getsatisfaction.com/ghostery/topics/
> is_ghostery_creating_a_zombie_compartment

In that post I was asking about permanent workers() under dom instead of the usual zombie compartments that appear under js. That may be a different issue.
However I cannot reproduce a zombie compartment in Nightly with Ghostery 2.7beta2.
I can reproduce easily with Ghostery 2.6.2 and 2.7beta2.

I got zombie compartments for the following sites:

Site                       compartment(s)
----                       --------------
http://www.mediamarkt.de   http://www.mediamarkt.de
http://www.bbc.co.uk/      http://www.bbc.co.uk/
http://www.nytimes.com/    http://www.nytimes.com/
http://techcrunch.com/     http://techcrunch.com/ and 
                           http://platform.twitter.com/widgets/hub.1326407570.html.

Sometimes one site's zombie(s) was replaced by a subsequent site's zombie(s), but sometimes I'd have zombies from two sites concurrently.  I couldn't determine a pattern underlying this.  I bet a window object or DOM node is being held onto after the page has closed.

Ghostery is the #46 most popular add-on on AMO, with 440,000 users, many of whom I'd expect to be security-conscious, technically-capable and thus more influential than average.
(Reporter)

Updated

5 years ago
Summary: Zombie compartment on mediamarkt.de with Ghostery 2.6.2 installed → Zombie compartments for websites with Ghostery 2.6.2 installed
Summary: Zombie compartments for websites with Ghostery 2.6.2 installed → Ghostery 2.6.2 and 2.7beta2 cause zombie compartments

Comment 5

5 years ago
I can now reproduce it by enabling "Show Alert Bubble" in the advanced option.
(Reporter)

Comment 6

5 years ago
There is another website for testing: http://www.rdio.com/devices/sonos/
Whiteboard: [MemShrink] → [MemShrink:P2]
I just emailed the authors (listed on the AMO page) and pointed them at this bug.
Good news!  Adam DeMartino just responded to my email:

"Thanks for alerting us and for linking back the the thread. I've let our engineers know and it's a priority for us. Please let me know if you all make any more progress or notice something else!"

Comment 9

5 years ago
Hi gents, I am the dev for Ghostery.

Is there a way to actually trace what the about:memory is bound to in terms of actual code?  The testing steps are useful to reproduce the effect, but it gives me no clues as to where in the code this is occurring or which resource is not being released...
> Is there a way to actually trace what the about:memory is bound to in terms
> of actual code?  The testing steps are useful to reproduce the effect, but
> it gives me no clues as to where in the code this is occurring or which
> resource is not being released...

https://bugzilla.mozilla.org/show_bug.cgi?id=zombiehunter is a start on such a tool, but it's not very far advanced.

Other than that, the advice in https://developer.mozilla.org/en/Zombie_Compartments#Avoiding_zombie_compartments_in_add-ons is the best we can give you... sorry :/

Comment 11

5 years ago
Hi all, there is a fix in the next release of Ghostery for this issue. Its scheduled for this or next week.  Thanks!
Great!  Is that new version available for testing?  Are you able to explain what was the cause of the leak and how you fixed it?  I've been working on https://developer.mozilla.org/en/Extensions/Common_causes_of_memory_leaks_in_extensions so it'd be nice to know if it covers your case.  Thanks.

Comment 13

5 years ago
Hi Nicholas, I haven't released the new version yet, its going to be out for testing in a few days.  The issue here was that I assigned a function that lived in chrome to an element id that would get injected into DOM. Heres a sample of what happened:

chrome:
ghostery.bubble.id = function() {return "ghostery-bubble-" + Math.random(); }

then an injection into dom:
				anchor  = doc.createElement('div');

				// Style Definition of message bubble
				anchor.id = ghostery.bubble.id;
				anchor.style.display = "block";
				anchor.style.opacity = "0.9";
				anchor.style.filter = "alpha(opacity=90)";
				anchor.style.position = "fixed";
				anchor.style.zIndex = "2147483647";

Once I replaced the id with a regular string, everything was working correctly, and the zombie went away...
Felix, thanks for the info.  I'm still getting my head around add-on leaks, but that example surprises me, because you added a reference from content to chrome, and I don't understand how that would cause a content compartment to leak.  Normally it is references from chrome to content that cause problems.  I'll ask some more knowledgeable people about this.
Nicholas, we believe that bug 727413 had a similar problem (references from content to chrome).
(Reporter)

Comment 16

5 years ago
Anything left to do here or can we close the bug given that the leak has been fixed in Ghostery?
(In reply to Henrik Skupin (:whimboo) from comment #16)
> Anything left to do here or can we close the bug given that the leak has
> been fixed in Ghostery?

It'd be good to confirm the fix.
(Reporter)

Comment 18

5 years ago
Well, I can't reproduce it anymore. So let it called fixed.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED

Comment 19

5 years ago
What version of Ghostery is this fixed in?
According to our latest code review, version 2.7.1 still leaks, which is the latest public version available on AMO.

STR:
- Open, wait for load and close test.de
- about:memory shows leaked compartment and window
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Comment 21

5 years ago
This issue is addressed in Ghostery 2.7.2 which is currently being tested and will be submitted to AMO once internal QA releases it. Ghostery dev channel has the beta uploaded, please use that for verification.
2.7.2 has been approved on AMO; the zombie compartments are fixed.
Status: REOPENED → RESOLVED
Last Resolved: 5 years ago5 years ago
Resolution: --- → FIXED
(Reporter)

Updated

5 years ago
Duplicate of this bug: 733702
(Reporter)

Comment 24

5 years ago
Thanks Andrew. I have updated Ghostery to 2.7.2 now and went through all the sites mentioned in this bug report. None of those leave zombie compartments behind anymore. Thanks for fixing it! Marking as verified fixed.
Status: RESOLVED → VERIFIED
(In reply to Henrik Skupin (:whimboo) from comment #24)
> Thanks Andrew. I have updated Ghostery to 2.7.2 now and went through all the
> sites mentioned in this bug report. None of those leave zombie compartments
> behind anymore. Thanks for fixing it! Marking as verified fixed.

BTW, I didn't fix it - I just reviewed in on AMO :)  The credit would be to the Ghostery devs really.
You need to log in before you can comment on or make changes to this bug.