Closed
Bug 750424
Opened 13 years ago
Closed 13 years ago
nsXULPrototypeNode::Release should add itself to the purple buffer
Categories
(Core :: XUL, defect)
Core
XUL
Tracking
()
RESOLVED
FIXED
mozilla15
People
(Reporter: billm, Assigned: billm)
References
Details
(Whiteboard: [qa-])
Attachments
(1 file, 1 obsolete file)
8.17 KB,
patch
|
smaug
:
review+
lsblakk
:
approval-mozilla-aurora+
lsblakk
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This can cause memory leaks when there's a C++-only cycle and an nsXULPrototypeNode is the last thing to be released. I fixed it by converting nsXULPrototypeNode to be an nsISupports.
I'm not sure if the nsRefPtr -> nsCOMPtr conversion is necessary or good. I just noticed that we have macros for easily traversing nsCOMPtrs but not nsRefPtrs.
Attachment #619655 -
Flags: review?(bugs)
Comment 1•13 years ago
|
||
Did you mean to include flipping the incremental pref?
IIRC, you should only use nsCOMPtrs for interfaces. I'm not sure why exactly...
Component: XPCOM → XUL
OS: Linux → All
QA Contact: xpcom → xptoolkit.widgets
Hardware: x86_64 → All
Version: unspecified → Trunk
Comment 2•13 years ago
|
||
> I'm not sure why exactly...
nsCOMPtr<T> asserts certain things about QI to NS_GET_IID(T). So if you use it on an interface, those asserts are somewhere between "misleading" and "wrong".
Comment 3•13 years ago
|
||
I mean "a non-interface".
Comment 4•13 years ago
|
||
It looks like you should be able to use NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR for a ref ptr. It just does a get() on the field.
NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, #_field); \
cb.NoteXPCOMChild(tmp->_field.get()); \
Assignee | ||
Comment 5•13 years ago
|
||
OK, fixed all that stuff.
Attachment #619655 -
Attachment is obsolete: true
Attachment #619655 -
Flags: review?(bugs)
Attachment #619660 -
Flags: review?(bugs)
Comment 6•13 years ago
|
||
Comment on attachment 619660 [details] [diff] [review]
fix v2
> for (i = 0; i < elem->mChildren.Length(); ++i) {
>- NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NATIVE_PTR(elem->mChildren[i].get(),
>- nsXULPrototypeNode,
>- "mChildren[i]")
>+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mChildren[i]");
>+ cb.NoteXPCOMChild(elem->mChildren[i].get());
Do you really need .get() here?
Attachment #619660 -
Flags: review?(bugs) → review+
Assignee | ||
Comment 7•13 years ago
|
||
Target Milestone: --- → mozilla15
Comment 8•13 years ago
|
||
This was the only user of the NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_NATIVE_CLASS macro, so it should probably be removed at some point.
Comment 9•13 years ago
|
||
Can we add assertions or analyses to catch bugs like this before they show up as leaks?
Comment 10•13 years ago
|
||
This is a problem for all native cycle collected classes:
http://mxr.mozilla.org/mozilla-central/ident?i=NS_DECL_CYCLE_COLLECTION_NATIVE_CLASS&filter=
I'm not sure why we don't see this more often. Anyways, I filed bug 750570 to about fixing it.
Comment 11•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 13•13 years ago
|
||
Is this worth porting to older branches? Are nsXULPrototypeNodes ever freed except at shutdown? If they are only freed at shutdown, it doesn't really seem worth doing.
Bug 723832 is tracking-firefox13+ and is duped here.
status-firefox13:
--- → affected
status-firefox14:
--- → affected
tracking-firefox13:
--- → ?
tracking-firefox14:
--- → ?
Comment on attachment 619660 [details] [diff] [review]
fix v2
I think we should take this on the branches.
[Approval Request Comment]
Regression caused by (bug #): The leaks only showed up with the new tab page, but the problem has been there for a while.
User impact if declined: Leaks
Testing completed (on m-c, etc.): Been on m-c for several days.
Risk to taking this patch (and alternatives if risky): Low risk
String changes made by this patch: N/A
Attachment #619660 -
Flags: approval-mozilla-beta?
Attachment #619660 -
Flags: approval-mozilla-aurora?
Updated•13 years ago
|
Comment 16•13 years ago
|
||
Comment on attachment 619660 [details] [diff] [review]
fix v2
Low risk, stops some leakage - go ahead.
Attachment #619660 -
Flags: approval-mozilla-beta?
Attachment #619660 -
Flags: approval-mozilla-beta+
Attachment #619660 -
Flags: approval-mozilla-aurora?
Attachment #619660 -
Flags: approval-mozilla-aurora+
Comment 17•13 years ago
|
||
Can we land the fix today in preparation for tomorrow's beta go to build?
Comment 19•12 years ago
|
||
Is there something QA can do to verify this fix?
Comment 20•12 years ago
|
||
nope
You need to log in
before you can comment on or make changes to this bug.
Description
•