Open
Bug 860482
Opened 12 years ago
Updated 2 years ago
Leak with document navigation, iframes, fragments
Categories
(Core :: DOM: Navigation, defect)
Tracking
()
NEW
People
(Reporter: jruderman, Unassigned)
Details
(Keywords: memory-leak, regression, testcase, Whiteboard: [MemShrink:P2])
Attachments
(2 files)
1. XPCOM_MEM_LEAK_LOG=2 firefox nav-leak.html
(or otherwise load the testcase as the first item in a tab)
2. Quit Firefox
Trace-refcnt reports leaked nsDocShell, nsDocument, nsGlobalWindow.
This seems to be a regression from http://hg.mozilla.org/mozilla-central/rev/b695e94363b5 (bug 825544). Which is fun because all that did was back out bug 754029 and its followups. I haven't checked whether the new patch in bug 754029 fixes this leak.
|
Reporter | |
Updated•12 years ago
|
Attachment #735968 -
Attachment description: testcase (must be loaded as the first in a tab) → testcase (must be local; must be loaded as the first in a tab)
|
||
Comment 1•12 years ago
|
||
(In reply to Jesse Ruderman from comment #0)
> I haven't checked whether the new patch in bug 754029 fixes this leak.
The new one also seem to (superficially) fix the mlk in my tree. However, attachment 735968 [details] contains several problematic factors in addition to mlk.
Is this intended behavior?
|
|
Reporter | |
Comment 2•12 years ago
|
||
I felt the same way. Why does the final "window.history.back();" cause the entire testcase to reload, rather than just affecting the frame or at most the main doc's hash?
|
|
||
Comment 3•12 years ago
|
||
(In reply to Jesse Ruderman from comment #2)
> I felt the same way. Why does the final "window.history.back();" cause the
> entire testcase to reload, rather than just affecting the frame or at most
> the main doc's hash?
Maybe the initial session history entry doesn't have bfcache/scroll-position because loading hasn't finished on #hash change.
Keywords: csec-disclosure
|
|
||
Updated•12 years ago
|
Keywords: csec-disclosure
|
|
Reporter | |
Comment 4•11 years ago
|
||
My DOM fuzzer will ignore leaks with frames or history until this is fixed.
Whiteboard: [MemShrink]
|
|
Reporter | |
Comment 5•11 years ago
|
||
... except when it outsmarts me, like it did with bug 886213.
|
||
Updated•11 years ago
|
Assignee: nobody → bugs
|
|
||
Comment 7•11 years ago
|
||
(I have been debugging this, but haven't found the cause yet.)
|
|
Reporter | |
Comment 8•9 years ago
|
||
Still leaks on trunk. Prevents me from checking for leaks in testcases that use frames, history, or <object>.
Whiteboard: [MemShrink:P2] → [MemShrink:P2][fuzzblocker:leaks]
|
||
Updated•9 years ago
|
Assignee: bugs → continuation
|
|
||
Comment 9•9 years ago
|
||
I'm using DMD heap scanning to investigate this. I found the first problem: nsGlobalWindow::mLocation is not reported to the cycle collector. This alone, however, does not fix the leak.
|
|
||
Comment 10•6 years ago
|
||
I should look at this again at some point. FWIW, nsGlobalWindowInner::mLocation is now being reported to the CC.
|
|
||
Comment 11•2 years ago
|
||
Unfortunately I haven't had time to look at this recently. I'll clear the fuzzblocker tag as I don't think whatever old fuzzing effort that was for is happening anyways.
Assignee: continuation → nobody
Whiteboard: [MemShrink:P2][fuzzblocker:leaks] → [MemShrink:P2]
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•