Changeset 58316 in webkit
- Timestamp:
- Apr 27, 2010 10:58:56 AM (14 years ago)
- Location:
- trunk/WebCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
bindings/v8/V8GCController.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/WebCore/ChangeLog
r58315 r58316 1 2010-04-27 Vitaly Repeshko <vitalyr@chromium.org> 2 3 Reviewed by Nate Chapin. 4 5 [V8] Fix XHR memory leak in GC controller. 6 https://bugs.webkit.org/show_bug.cgi?id=38202 7 8 http://trac.webkit.org/changeset/55798 simplified processing of 9 active DOM objects but introduced a subtle bug in garbage 10 collection of XHRs. ActiveDOMObject is not a direct base class of 11 XHR and so upcasting changes pointer identity and breaks DOM 12 maps. This leads to forever live persistent handles to XHR that 13 had pending activity while V8 GC happened. 14 15 * bindings/v8/V8GCController.cpp: 16 (WebCore::GCEpilogueVisitor::visitDOMWrapper): 17 1 18 2010-04-27 Adam Barth <abarth@webkit.org> 2 19 -
trunk/WebCore/bindings/v8/V8GCController.cpp
r56166 r58316 379 379 if (activeDOMObject && activeDOMObject->hasPendingActivity()) { 380 380 ASSERT(!wrapper.IsWeak()); 381 wrapper.MakeWeak(activeDOMObject, &DOMDataStore::weakActiveDOMObjectCallback); 381 // NOTE: To re-enable weak status of the active object we use 382 // |object| from the map and not |activeDOMObject|. The latter 383 // may be a different pointer (in case ActiveDOMObject is not 384 // the main base class of the object's class) and pointer 385 // identity is required by DOM map functions. 386 wrapper.MakeWeak(object, &DOMDataStore::weakActiveDOMObjectCallback); 382 387 } 383 388 }
Note: See TracChangeset
for help on using the changeset viewer.
