Comment 1 for bug 499603

In , Bienvenu (bienvenu) wrote :

Created an attachment (id=415914)
proposed fix

The bug is that mime isn't using XPCOM reference counting semantics, so it's deleting an object that it should not. I also cleaned up a separate ref counting issue where mime was addreffing a pointer that had already been addreffed (though only getting rid of the delete fixes the crash).

For some reason, the URL leak stuff added to nsStandardUrl.cpp exposed this issue, perhaps by changing the size of the URL enough so that we weren't saved by heap buffer size rounding...

I'll try to come up with a mozmill test that at least exercises this code, though it won't guarantee anything...