[tbb-bugs] #29334 [Applications/Tor Browser]: Exception when running the garbage collection during new identity
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 5 09:59:48 UTC 2019
#29334: Exception when running the garbage collection during new identity
-------------------------------------+-------------------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: tbb-torbutton, tbb-
Severity: Normal | newnym
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
During `New Identity` we run some fancy code to make sure we are really
have a clean state after closing and reopening the browser:
{{{
// Run garbage collection and cycle collection after window is gone.
// This ensures that blob URIs are forgotten.
window.addEventListener("unload", function (event) {
torbutton_log(3, "Initiating New Identity GC pass");
// Clear out potential pending sInterSliceGCTimer:
m_tb_domWindowUtils.runNextCollectorTimer();
// Clear out potential pending sICCTimer:
m_tb_domWindowUtils.runNextCollectorTimer();
// Schedule a garbage collection in 4000-1000ms...
m_tb_domWindowUtils.garbageCollect();
// To ensure the GC runs immediately instead of 4-10s from now, we
need
// to poke it at least 11 times.
// We need 5 pokes for GC, 1 poke for the interSliceGC, and 5 pokes
for CC.
// See nsJSContext::RunNextCollectorTimer() in
// https://mxr.mozilla.org/mozilla-
central/source/dom/base/nsJSEnvironment.cpp#1970.
// XXX: We might want to make our own method for immediate full GC...
for (let poke = 0; poke < 11; poke++) {
m_tb_domWindowUtils.runNextCollectorTimer();
}
// And now, since the GC probably actually ran *after* the CC last
time,
// run the whole thing again.
m_tb_domWindowUtils.garbageCollect();
for (let poke = 0; poke < 11; poke++) {
m_tb_domWindowUtils.runNextCollectorTimer();
}
}}}
That leads to an exception in `chrome://extensions/content/ext-tabs-
base.js` in some cases at
{{{
get frameLoader() {
return this.browser.frameLoader;
}}}
as it is not guaranteed that `browser` is still a thing during that
operation. An example where this occurs is
1) On `about:page` open the link to our newsletter in a new tab
2) Open the browser console
3) Hit `New Identity`
This got reported on our blog
https://blog.torproject.org/comment/279507#comment-279507 ff.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29334>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list