Title: [171481] trunk/Source/WebCore
- Revision: 171481
- Author: [email protected]
- Date: 2014-07-23 10:57:17 -0700 (Wed, 23 Jul 2014)
Log Message
JSDOMWindowShell leaks on pages with media elements
https://bugs.webkit.org/show_bug.cgi?id=135178
Patch by Joseph Pecoraro <[email protected]> on 2014-07-23
Reviewed by Oliver Hunt.
The DOMWindowWorld for HTMLMediaElements with MEDIA_CONTROLS_SCRIPT
was not getting cleared and removed.
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::clearWindowShell):
Iterate over a copy of the values. A sweep / garbage collection caused by
any JSC allocation during iteration could trigger a mutation of the m_windowShells
table that was being iterated. So instead iterate a list that won't mutate.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::~HTMLMediaElement):
If we had an isolated world, release as much memory as possible.
Diff
Modified: trunk/Source/WebCore/ChangeLog (171480 => 171481)
--- trunk/Source/WebCore/ChangeLog 2014-07-23 17:56:18 UTC (rev 171480)
+++ trunk/Source/WebCore/ChangeLog 2014-07-23 17:57:17 UTC (rev 171481)
@@ -1,3 +1,23 @@
+2014-07-23 Joseph Pecoraro <[email protected]>
+
+ JSDOMWindowShell leaks on pages with media elements
+ https://bugs.webkit.org/show_bug.cgi?id=135178
+
+ Reviewed by Oliver Hunt.
+
+ The DOMWindowWorld for HTMLMediaElements with MEDIA_CONTROLS_SCRIPT
+ was not getting cleared and removed.
+
+ * bindings/js/ScriptController.cpp:
+ (WebCore::ScriptController::clearWindowShell):
+ Iterate over a copy of the values. A sweep / garbage collection caused by
+ any JSC allocation during iteration could trigger a mutation of the m_windowShells
+ table that was being iterating. So instead iterate a list that won't mutate.
+
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::~HTMLMediaElement):
+ If we had an isolated world, release as much memory as possible.
+
2014-07-23 Bem Jones-Bey <[email protected]>
Ensure we compute the min and max height of replaced elements to 'none' or 0 when appropriate.
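Review bot: The new ChangeLog entry for clearWindowShell reads "table that was being iterating"; that should be "iterated". The HTMLMediaElement entry also only says "release as much memory as possible" and does not name the call that does it (clearWrappers), which would make the entry easier to search later.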
Modified: trunk/Source/WebCore/bindings/js/ScriptController.cpp (171480 => 171481)
--- trunk/Source/WebCore/bindings/js/ScriptController.cpp 2014-07-23 17:56:18 UTC (rev 171480)
+++ trunk/Source/WebCore/bindings/js/ScriptController.cpp 2014-07-23 17:57:17 UTC (rev 171481)
@@ -182,9 +182,12 @@
JSLockHolder lock(JSDOMWindowBase::commonVM());
- for (ShellMap::iterator iter = m_windowShells.begin(); iter != m_windowShells.end(); ++iter) {
- JSDOMWindowShell* windowShell = iter->value.get();
+ Vector<JSC::Strong<JSDOMWindowShell>> windowShells;
+ copyValuesToVector(m_windowShells, windowShells);
+ for (size_t i = 0; i < windowShells.size(); ++i) {
+ JSDOMWindowShell* windowShell = windowShells[i].get();
+
if (&windowShell->window()->impl() == newDOMWindow)
continue;
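Review bot: The reason for iterating a copy is recorded only in the ChangeLog, so the loop at `copyValuesToVector(m_windowShells, windowShells)` looks like a needless allocation to the next reader and invites a revert to direct iteration. Add a short comment above the copy saying that a JSC allocation in the loop can trigger a sweep that mutates m_windowShells. Two things are worth confirming for the rest of the loop body, which is not visible here: first, that it is safe to run on a shell that was removed from m_windowShells after the copy was taken, since the Vector of `JSC::Strong<JSDOMWindowShell>` keeps such a shell alive and it will still be visited; second, that `windowShell->window()` cannot be in a torn-down state for such a shell when it is dereferenced in the `newDOMWindow` comparison.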
Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (171480 => 171481)
--- trunk/Source/WebCore/html/HTMLMediaElement.cpp 2014-07-23 17:56:18 UTC (rev 171480)
+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp 2014-07-23 17:57:17 UTC (rev 171481)
@@ -416,6 +416,11 @@
setMediaKeys(0);
#endif
+#if ENABLE(MEDIA_CONTROLS_SCRIPT)
+ if (m_isolatedWorld)
+ m_isolatedWorld->clearWrappers();
+#endif
+
m_completelyLoaded = true;
if (m_player)
m_player->clearMediaPlayerClient();
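Review bot: The destructor calls `m_isolatedWorld->clearWrappers()`, but the log message says the world was not getting "cleared and removed", and nothing in this hunk shows the removal half. If removal follows from dropping the last reference to m_isolatedWorld once the wrappers are cleared, say so in a comment next to the call; otherwise the shell entry for that world may still be retained. The change set also touches only the ChangeLog and the two source files, so there is no regression test for the leak; if one is not practical, note that in the ChangeLog.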