WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
21213
MessagePort crash when GC collects an object with a pending close event
https://bugs.webkit.org/show_bug.cgi?id=21213
Summary
MessagePort crash when GC collects an object with a pending close event
Alexey Proskuryakov
Reported
2008-09-29 07:53:09 PDT
CloseMessagePortTimer retains MessagePort, but not its wrapper. As a result, event listeners can be garbage collected, and the close event will be dispatched using a stale listener object pointer. Patch forthcoming.
Attachments
proposed fix
(9.71 KB, patch)
2008-09-29 08:29 PDT
,
Alexey Proskuryakov
no flags
Details
Formatted Diff
Diff
updated patch
(21.26 KB, patch)
2008-09-30 04:31 PDT
,
Alexey Proskuryakov
sam
: review+
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1
2008-09-29 08:29:09 PDT
Created
attachment 23908
[details]
proposed fix It seems really ugly to control JS garbage collection from DOM code (if anything, this will fail when we enable non-JS bindings for MessageChannel/MessagePort), but looks like we don't have another mechanism.
Darin Adler
Comment 2
2008-09-29 09:01:01 PDT
(In reply to
comment #1
)
> It seems really ugly to control JS garbage collection from DOM code (if > anything, this will fail when we enable non-JS bindings for > MessageChannel/MessagePort), but looks like we don't have another mechanism.
I think we need to come up with a general way to tell the bindings that an object is "active" and therefore should not be subject to garbage collection until it becomes inactive. On the other hand, that doesn't seem much different from an explicit call to gcProtect, except for being a bit more language-independent. It would be a bit more elegant to make a call to the bindings machinery on the DOM object and let the helper function do the "map to a wrapper and a gcProtect".
Alexey Proskuryakov
Comment 3
2008-09-30 01:32:11 PDT
Comment on
attachment 23908
[details]
proposed fix Clearing review flag, going to investigate a better solution.
Alexey Proskuryakov
Comment 4
2008-09-30 04:31:54 PDT
Created
attachment 23937
[details]
updated patch
Sam Weinig
Comment 5
2008-09-30 07:28:30 PDT
Comment on
attachment 23937
[details]
updated patch Nice.
Alexey Proskuryakov
Comment 6
2008-09-30 08:52:51 PDT
Committed revision 37094.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug