Closed Bug 83902 Opened 23 years ago Closed 23 years ago

script security manager leaks self and pref service (cycle)

Categories

(Core :: Security: CAPS, defect, P1)

Product:
Core
Component:
Security: CAPS
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.4

People

(Reporter: dbaron, Assigned: security-bugs)

References

Details

(Keywords: memory-leak, Whiteboard: [tind-mlk] patch)

Attachments

(1 file)

Patch - use weak refs for all prefs interfaces in nsScriptSecurityManager
19.14 KB, patch
Details | Diff | Splinter Review 
The script security manager creates a strong reference cycle between itself and
the pref service causing both to leak.  In nsScriptSecurityManager::InitPrefs it
gets an owning pointer to the pref service |mPrefService| and then adds itself
as a pref observer which creates an owning reference the other way around.
Keywords: mlk
Whiteboard: [tind-mlk]
Having the security manager explicitly release the pref service (set the comptr
to null) in its dtor should fix this, right?
Status: NEW → ASSIGNED
How is the dtor going to be called?  (It's released already in the dtor.)
Need this for 0.9.2
Target Milestone: --- → mozilla0.9.2
David, any suggestions? Should I use a weak reference to hold the pref service,
or is that too much trouble?
I'm not really sure what a good way to fix this would be.
After a quick look, I'm wondering if you're getting a double addref when you
create the service. Once because it's a nsCOMPtr in the object, and once because
you call do_GetService on it. cc'ing alecf 'cause he understands this *much*
better than I :).

The simplest thing to do is probably to not save the service reference at all.
Just get the service into a local nsCOMPtr in InitPrefs, and then do it again in
SavePrincipal.
for my own reference:
http://lxr.mozilla.org/seamonkey/source/caps/src/nsScriptSecurityManager.cpp#214
1

probably the best idea here is to use a weak reference to hold onto the prefs 
branch..then the branch will go away, and release the script security manager...
oh, but no you're not doing a double addref with do_GetService - I think 
do_GetService ONLY works for nsCOMPtr's in fact.
Is PrefBranch causing this circular reference, or only PrefService? If it's only
PrefService, no problem, I don't really need to cache that. Does the holding of
PrefBranch by SecurityManager cause a cycle too?
Depends on: 86107
Priority: -- → P1
Target Milestone: mozilla0.9.2 → mozilla0.9.3
Adding nsBranch keyword as these bugs need to get into RTM.
Keywords: nsBranch
The patch above fixes the memory leak but causes the warning
"nsJSRuntimeService is missing" to fire at nsPrefService.cpp:724, and the
"Runtime mismatch, so leaking context!" message at prefapi.c:422. Brian, could
you help me debug this? The pref service was not being destroyed before. With
this patch, it is being destroyed, but it look as though nsIJSRuntimeService has
already been destroyed when the nsIPrefService dtor asks for it, which causes
that assertion I'm seeing.
The "runtime mismatch, so leaking context" message has been around for a while.
 See bug 76288.
Ah, so the reference cycle was just hiding that context leak?
Yes. As dbaron noted, this has been around for a while now. I thought it showed
up whenever you quit the application, but that may have changed now that we've
eliminated a few other leak cycles.

It's not your fault, so don't worry about it. Though this may raise the level of
importance on getting a fix for bug 76288.
Whiteboard: [tind-mlk] → [tind-mlk] patch
Target is now 0.9.4, Priority P1.
Target Milestone: mozilla0.9.3 → mozilla0.9.4
I'm not qualified to review the GetBaseURIScheme stuff (in which I 
include the changes at places that call it and the targetURI/aTargetURI
change), but r=dbaron for the rest, with the following comment:

This:
     mPrefBranchWeakRef = getter_AddRefs(NS_GetWeakReference(prefBranch));
is better written as:
     mPrefBranchWeakRef = do_GetWeakReference(prefBranch);


I also tested the patch (after manually patching some parts that patch 
didn't want to patch) and along with the patch in bug 76288 and the
patch in bug 93087 we're not leaking pref stuff anymore.

Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified on 2001-09-19-03 build on WinNT

Marking verified as per above developer comments.

Changing the QA contact to bsharma@netscape.com
Status: RESOLVED → VERIFIED
QA Contact: ckritzer → bsharma
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: