From 1e5f75e727c5879a8a7403e7d878646e86254018 Mon Sep 17 00:00:00 2001
From: "jst%netscape.com"
Date: Tue, 17 Oct 2000 21:19:26 +0000
Subject: [PATCH] Fixing rtm++ bug 54121. Make sure to unroot the JS object before setting the script object to null to avoid referencing deleted memory later on in the GC. Thanks to sean@beatnik.com for testing and helping with the patch. a=waterson, r=brendan
---
 content/html/content/src/nsHTMLEmbedElement.cpp | 8 ++++++++
 layout/html/content/src/nsHTMLEmbedElement.cpp | 8 ++++++++
 2 files changed, 16 insertions(+)
diff --git a/content/html/content/src/nsHTMLEmbedElement.cpp b/content/html/content/src/nsHTMLEmbedElement.cpp
index ba3a8f665985..6a053b8c20fd 100644
--- a/content/html/content/src/nsHTMLEmbedElement.cpp
+++ b/content/html/content/src/nsHTMLEmbedElement.cpp
@@ -348,6 +348,14 @@ nsHTMLEmbedElement::GetScriptObject(nsIScriptContext* aContext,
 // don't cache it so that the next call can get the correct script object
 // if the plugin instance is available at the next call.
 if (NS_FAILED(rv)) {
+ if (mInner.mDocument) {
+ // Since we're resetting the script object to null we'll remove the
+ // reference to it so that we won't add the same named reference
+ // again the next time someone requests the script object.
+ aContext->RemoveReference((void *)&mInner.mDOMSlots->mScriptObject,
+ mInner.mDOMSlots->mScriptObject);
+ }
+
 mInner.SetScriptObject(nsnull);
 *aScriptObject = elementObject;
diff --git a/layout/html/content/src/nsHTMLEmbedElement.cpp b/layout/html/content/src/nsHTMLEmbedElement.cpp
index ba3a8f665985..6a053b8c20fd 100644
--- a/layout/html/content/src/nsHTMLEmbedElement.cpp
+++ b/layout/html/content/src/nsHTMLEmbedElement.cpp
@@ -348,6 +348,14 @@ nsHTMLEmbedElement::GetScriptObject(nsIScriptContext* aContext,
 // don't cache it so that the next call can get the correct script object
 // if the plugin instance is available at the next call.
 if (NS_FAILED(rv)) {
+ if (mInner.mDocument) {
+ // Since we're resetting the script object to null we'll remove the
+ // reference to it so that we won't add the same named reference
+ // again the next time someone requests the script object.
+ aContext->RemoveReference((void *)&mInner.mDOMSlots->mScriptObject,
+ mInner.mDOMSlots->mScriptObject);
+ }
+
 mInner.SetScriptObject(nsnull);
 *aScriptObject = elementObject;
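Review bot: The added block dereferences `mInner.mDOMSlots` twice in the `RemoveReference` call but is guarded only by `mInner.mDocument`. Nothing visible in the hunk shows that the slots are allocated on this failure path, so the guard would be safer as `if (mInner.mDocument && mInner.mDOMSlots) {`. The unrooting is also only correct while its condition mirrors the one under which the named reference was added, which presumably sits outside this hunk. A root left registered on this slot address is exactly the stale-pointer-during-GC case the commit message describes, so the comment should name that site, for example `// must match the condition used where the named reference is added`. The result of `RemoveReference` is discarded; if it can fail, the root stays registered while the slot is nulled, so it is worth at least asserting on it. All of this applies equally to the identical hunk in content/html/content/src/nsHTMLEmbedElement.cpp, and GetScriptObject starts and ends outside both hunks.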