Bug 111234

Summary: Don't leak Documents when using MutationObserver from extensions
Product: WebKit Reporter: Elliott Sprehn <esprehn>
Component: New BugsAssignee: Elliott Sprehn <esprehn>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, adamk, haraken, japhet, rafaelw, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch none

Elliott Sprehn
Reported 2013-03-01 16:47:50 PST
Don't leak Documents when using MutationObserver from extensions
Attachments
Patch (7.12 KB, patch)
2013-03-01 16:52 PST, Elliott Sprehn 		no flags
DetailsFormatted DiffDiff
Patch (7.41 KB, patch)
2013-03-01 17:13 PST, Elliott Sprehn 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Elliott Sprehn
Comment 1 2013-03-01 16:52:30 PST
Created attachment 191072 [details] Patch
Adam Klein
Comment 2 2013-03-01 17:01:19 PST
Comment on attachment 191072 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=191072&action=review > Source/WebCore/bindings/v8/V8Binding.cpp:273 > + if (!world) Seems like there ought to at least be a FIXME here, since it's not at all obvious why this is a signal for the main world...
Elliott Sprehn
Comment 3 2013-03-01 17:13:17 PST
Created attachment 191079 [details] Patch
Elliott Sprehn
Comment 4 2013-03-01 17:13:50 PST
(In reply to comment #2) > (From update of attachment 191072 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=191072&action=review > > > Source/WebCore/bindings/v8/V8Binding.cpp:273 > > + if (!world) > > Seems like there ought to at least be a FIXME here, since it's not at all obvious why this is a signal for the main world... Done.
Adam Barth
Comment 5 2013-03-01 18:00:23 PST
Comment on attachment 191079 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=191079&action=review We should eventually replace all uses of WorldContextHandle with this mechanism. > Source/WebCore/bindings/v8/V8Binding.cpp:278 > + return v8::Local<v8::Context>::New(frame->script()->windowShell(world)->context()); It it possible that windowShell(world) will return null? I guess not if the context is active in the frame. > Source/WebCore/bindings/v8/V8Binding.cpp:282 > + if (WorkerScriptController* script = static_cast<WorkerContext*>(context)->script()) Is it possible for script() to return null here? That seems like it would be an odd situation...
Elliott Sprehn
Comment 6 2013-03-01 18:14:57 PST
Comment on attachment 191079 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=191079&action=review >> Source/WebCore/bindings/v8/V8Binding.cpp:278 >> + return v8::Local<v8::Context>::New(frame->script()->windowShell(world)->context()); > > It it possible that windowShell(world) will return null? I guess not if the context is active in the frame. It's not possible if you look at the code in ScriptController::windowShell which crashes if the shell would have been null since it does !shell->isContextInitialized() && shell->initializeIfNeeded() in an if statement below the find(). There should probably be an ASSERT in there to make this more obvious. >> Source/WebCore/bindings/v8/V8Binding.cpp:282 >> + if (WorkerScriptController* script = static_cast<WorkerContext*>(context)->script()) > > Is it possible for script() to return null here? That seems like it would be an odd situation... The other toV8Context and WorldContextHandle assume this is impossible.
Adam Barth
Comment 7 2013-03-01 18:22:41 PST
Comment on attachment 191079 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=191079&action=review >>> Source/WebCore/bindings/v8/V8Binding.cpp:282 >>> + if (WorkerScriptController* script = static_cast<WorkerContext*>(context)->script()) >> >> Is it possible for script() to return null here? That seems like it would be an odd situation... > > The other toV8Context and WorldContextHandle assume this is impossible. You probably mean "is possible". :)
WebKit Review Bot
Comment 8 2013-03-01 18:37:52 PST
Comment on attachment 191079 [details] Patch Clearing flags on attachment: 191079 Committed r144522: <http://trac.webkit.org/changeset/144522>
WebKit Review Bot
Comment 9 2013-03-01 18:37:56 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.