Closed
Bug 83902
Opened 23 years ago
Closed 23 years ago
script security manager leaks self and pref service (cycle)
Categories
(Core :: Security: CAPS, defect, P1)
Core
Security: CAPS
Tracking
()
VERIFIED
FIXED
mozilla0.9.4
People
(Reporter: dbaron, Assigned: security-bugs)
References
Details
(Keywords: memory-leak, Whiteboard: [tind-mlk] patch)
Attachments
(1 file)
The script security manager creates a strong reference cycle between itself and the pref service causing both to leak. In nsScriptSecurityManager::InitPrefs it gets an owning pointer to the pref service |mPrefService| and then adds itself as a pref observer which creates an owning reference the other way around.
Assignee | ||
Comment 1•23 years ago
|
||
Having the security manager explicitly release the pref service (set the comptr to null) in its dtor should fix this, right?
Status: NEW → ASSIGNED
Reporter | ||
Comment 2•23 years ago
|
||
How is the dtor going to be called? (It's released already in the dtor.)
Assignee | ||
Comment 4•23 years ago
|
||
David, any suggestions? Should I use a weak reference to hold the pref service, or is that too much trouble?
Reporter | ||
Comment 5•23 years ago
|
||
I'm not really sure what a good way to fix this would be.
Comment 6•23 years ago
|
||
After a quick look, I'm wondering if you're getting a double addref when you create the service. Once because it's a nsCOMPtr in the object, and once because you call do_GetService on it. cc'ing alecf 'cause he understands this *much* better than I :). The simplest thing to do is probably to not save the service reference at all. Just get the service into a local nsCOMPtr in InitPrefs, and then do it again in SavePrincipal.
Comment 7•23 years ago
|
||
for my own reference: http://lxr.mozilla.org/seamonkey/source/caps/src/nsScriptSecurityManager.cpp#214 1 probably the best idea here is to use a weak reference to hold onto the prefs branch..then the branch will go away, and release the script security manager...
Comment 8•23 years ago
|
||
oh, but no you're not doing a double addref with do_GetService - I think do_GetService ONLY works for nsCOMPtr's in fact.
Assignee | ||
Comment 9•23 years ago
|
||
Is PrefBranch causing this circular reference, or only PrefService? If it's only PrefService, no problem, I don't really need to cache that. Does the holding of PrefBranch by SecurityManager cause a cycle too?
Assignee | ||
Updated•23 years ago
|
Priority: -- → P1
Target Milestone: mozilla0.9.2 → mozilla0.9.3
Assignee | ||
Comment 10•23 years ago
|
||
Adding nsBranch keyword as these bugs need to get into RTM.
Keywords: nsBranch
Assignee | ||
Comment 11•23 years ago
|
||
Assignee | ||
Comment 12•23 years ago
|
||
The patch above fixes the memory leak but causes the warning "nsJSRuntimeService is missing" to fire at nsPrefService.cpp:724, and the "Runtime mismatch, so leaking context!" message at prefapi.c:422. Brian, could you help me debug this? The pref service was not being destroyed before. With this patch, it is being destroyed, but it look as though nsIJSRuntimeService has already been destroyed when the nsIPrefService dtor asks for it, which causes that assertion I'm seeing.
Reporter | ||
Comment 13•23 years ago
|
||
The "runtime mismatch, so leaking context" message has been around for a while. See bug 76288.
Assignee | ||
Comment 14•23 years ago
|
||
Ah, so the reference cycle was just hiding that context leak?
Comment 15•23 years ago
|
||
Yes. As dbaron noted, this has been around for a while now. I thought it showed up whenever you quit the application, but that may have changed now that we've eliminated a few other leak cycles. It's not your fault, so don't worry about it. Though this may raise the level of importance on getting a fix for bug 76288.
Assignee | ||
Updated•23 years ago
|
Whiteboard: [tind-mlk] → [tind-mlk] patch
Assignee | ||
Comment 16•23 years ago
|
||
Target is now 0.9.4, Priority P1.
Target Milestone: mozilla0.9.3 → mozilla0.9.4
Reporter | ||
Comment 17•23 years ago
|
||
I'm not qualified to review the GetBaseURIScheme stuff (in which I include the changes at places that call it and the targetURI/aTargetURI change), but r=dbaron for the rest, with the following comment: This: mPrefBranchWeakRef = getter_AddRefs(NS_GetWeakReference(prefBranch)); is better written as: mPrefBranchWeakRef = do_GetWeakReference(prefBranch); I also tested the patch (after manually patching some parts that patch didn't want to patch) and along with the patch in bug 76288 and the patch in bug 93087 we're not leaking pref stuff anymore.
Assignee | ||
Comment 18•23 years ago
|
||
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 19•23 years ago
|
||
Verified on 2001-09-19-03 build on WinNT Marking verified as per above developer comments. Changing the QA contact to bsharma@netscape.com
Status: RESOLVED → VERIFIED
QA Contact: ckritzer → bsharma
You need to log in
before you can comment on or make changes to this bug.
Description
•