Mirror of https://github.com/mozilla/gecko-dev.git, synced 2024-10-24 02:35:41 +00:00
0507792161
JSStackFrames are C++ objects that are exposed to chrome JS and keep alive content JS. This means that if chrome JS leaks a stack frame then a window can be leaked.

The basic idea of this patch is to think of JSStackFrames as cross-compartment wrappers, and do a "hueyfix" on them by dropping the content JS reference when the associated content window is closed.

To do that, this patch modifies the realm private to keep a list of all live JSStackFrames that have been created with objects in that realm. When we nuke that realm, we also clear out all of the JS pointers from the registered stack frames on that realm.

This adds a hash table lookup to the JSStackFrame ctor and dtor, which is hopefully not too much overhead.

The test works by intentionally leaking a JSStackFrame from chrome JS and making sure that the window still goes away.

Differential Revision: https://phabricator.services.mozilla.com/D14880

--HG--
extra : moz-landing-system : lando

- browser_consoleStack.html
- browser_dead_object.js
- browser_deadObjectOnUnload.html
- browser_exception_leak.js
- browser.ini
- moz.build