Changeset 130335 in webkit

Timestamp:

Oct 3, 2012, 3:41:57 PM (13 years ago)

Author:

jsbell@chromium.org

Message:

IndexedDB: Memory leak when deleting object stores with indexes
​https://bugs.webkit.org/show_bug.cgi?id=98292

Reviewed by Tony Chang.

Reference cycles between IDBObjectStore and IDBIndex instances are explicitly
broken when the transaction completes (and the spec allows traversal to fail).
Deleted stores need to have the reference cycle broken too.

Caught by running valgrind over: storage/indexeddb/keypath-basics.html

• Modules/indexeddb/IDBTransaction.cpp:

(WebCore::IDBTransaction::objectStoreDeleted): Add store to set.
(WebCore::IDBTransaction::dispatchEvent): Notify stores in set.

• Modules/indexeddb/IDBTransaction.h: Add set of deleted stores.

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• Modules/indexeddb/IDBTransaction.cpp (modified) (2 diffs)
• Modules/indexeddb/IDBTransaction.h (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-10-03  Joshua Bell  <jsbell@chromium.org>
+
+        IndexedDB: Memory leak when deleting object stores with indexes
+        https://bugs.webkit.org/show_bug.cgi?id=98292
+
+        Reviewed by Tony Chang.
+
+        Reference cycles between IDBObjectStore and IDBIndex instances are explicitly
+        broken when the transaction completes (and the spec allows traversal to fail).
+        Deleted stores need to have the reference cycle broken too.
+
+        Caught by running valgrind over: storage/indexeddb/keypath-basics.html
+
+        * Modules/indexeddb/IDBTransaction.cpp:
+        (WebCore::IDBTransaction::objectStoreDeleted): Add store to set.
+        (WebCore::IDBTransaction::dispatchEvent): Notify stores in set.
+        * Modules/indexeddb/IDBTransaction.h: Add set of deleted stores.
+
 2012-10-03  Adam Barth  <abarth@webkit.org>
 

trunk/Source/WebCore/Modules/indexeddb/IDBTransaction.cpp

@@ -187 +187 @@
         objectStore->markDeleted();
         m_objectStoreCleanupMap.set(objectStore, objectStore->metadata());
+        m_deletedObjectStores.add(objectStore);
     }
 }
@@ -387 +388 @@
         it->second->transactionFinished();
     m_objectStoreMap.clear();
+    for (IDBObjectStoreSet::iterator it = m_deletedObjectStores.begin(); it != m_deletedObjectStores.end(); ++it)
+        (*it)->transactionFinished();
+    m_deletedObjectStores.clear();
 
     Vector<RefPtr<EventTarget> > targets;

trunk/Source/WebCore/Modules/indexeddb/IDBTransaction.h

@@ -159 +159 @@
     IDBObjectStoreMap m_objectStoreMap;
 
+    typedef HashSet<RefPtr<IDBObjectStore> > IDBObjectStoreSet;
+    IDBObjectStoreSet m_deletedObjectStores;
+
     typedef HashMap<RefPtr<IDBObjectStore>, IDBObjectStoreMetadata> IDBObjectStoreMetadataMap;
     IDBObjectStoreMetadataMap m_objectStoreCleanupMap;