trace-refcnt reports a leak including nsDocument and nsGlobalWindow.

This prevents me from looking for other nsGlobalWindows leaks while fuzzing.

This looks pretty bad.

Still leaks on mozilla-central (the fix for bug 502055 didn't help).

I guess it's not that bad if it only happens for media elements with javascript: source URLs, which no-one would actually really use, but it's still bad.

The problem seems to be that the nsHTMLMediaElement::MediaLoadListener is not released. Maybe because the nsJSChannel is failing with this warning: WARNING: No principal to execute JS with: file /Users/roc/mozilla-checkin/dom/src/jsurl/nsJSProtocolHandler.cpp, line 189

The problem is the cycle where the MediaLoadListener holds a reference to the element, the element holds a reference to the channel, and the channel holds a reference to the MediaLoadListener. Normally we break that cycle in OnStartRequest by clearing mElement, but if there's an error status in OnStartRequest we're not clearing mElement. This could be pretty bad, it could leak anytime we have an error in OnStartRequest.

Checked in: http://hg.mozilla.org/mozilla-central/rev/6451086910d3 There was a stupid mistake that caused tests to crash. I fixed it: http://hg.mozilla.org/mozilla-central/rev/531ad2164ce9

I think we should probably take this on branch, it's a simple patch and the leak is probably going to hit real users.

Mass change: adding fixed1.9.2 keyword (This bug was identified as a mozilla1.9.2 blocker which was fixed before the mozilla-1.9.2 repository was branched (August 13th, 2009) as per this query: http://is.gd/2ydcb - if this bug is not actually fixed on mozilla1.9.2, please remove the keyword. Apologies for the bugspam)