mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-12 12:55:46 +00:00
Fixing leak bug 317478. This leak was due to the global scope polluter ending up on the inner window's 'real' prototype's proto chain, which would have been fine except for the fact that it was never removed from there so through it we ended up holding too much alive for too long. r=mrbkap@gmail.com, sr=bzbarsky@mit.edu. Thanks to dbaron for tracking this down.
This commit is contained in:
parent
7b0eff94a0
commit
1b82bbff91
@ -1131,12 +1131,6 @@ nsGlobalWindow::SetNewDocument(nsIDOMDocument* aDocument,
|
||||
mInnerWindow = newInnerWindow;
|
||||
}
|
||||
|
||||
if ((!reUseInnerWindow || newDoc != oldDoc) && !aState) {
|
||||
nsCOMPtr<nsIHTMLDocument> html_doc(do_QueryInterface(mDocument));
|
||||
nsWindowSH::InstallGlobalScopePolluter(cx, newInnerWindow->mJSObject,
|
||||
html_doc);
|
||||
}
|
||||
|
||||
if (!aState && !reUseInnerWindow) {
|
||||
// Loading a new page and creating a new inner window, *not*
|
||||
// restoring from session history.
|
||||
@ -1183,6 +1177,23 @@ nsGlobalWindow::SetNewDocument(nsIDOMDocument* aDocument,
|
||||
::JS_SetPrototype(cx, proto, innerProtoProto);
|
||||
}
|
||||
|
||||
// Now that the prototype is all set up, install the global scope
|
||||
// polluter. This must happen after the above prototype fixup. If
|
||||
// the GSP was to be installed on the inner window's real
|
||||
// prototype (as it would be if this was done before the prototype
|
||||
// fixup above) we would end up holding the GSP alive (through
|
||||
// XPConnect's internal marking of wrapper prototypes) as long as
|
||||
// the inner window was around, and if the GSP had properties on
|
||||
// it that held an element alive we'd hold the document alive,
|
||||
// which could hold event handlers alive, which hold the context
|
||||
// alive etc.
|
||||
|
||||
if ((!reUseInnerWindow || newDoc != oldDoc) && !aState) {
|
||||
nsCOMPtr<nsIHTMLDocument> html_doc(do_QueryInterface(mDocument));
|
||||
nsWindowSH::InstallGlobalScopePolluter(cx, newInnerWindow->mJSObject,
|
||||
html_doc);
|
||||
}
|
||||
|
||||
if (aState) {
|
||||
// Restoring from session history.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user