Title: [186449] releases/WebKitGTK/webkit-2.8/Source/WebCore
Revision
186449
Author
[email protected]
Date
2015-07-07 04:55:04 -0700 (Tue, 07 Jul 2015)

Log Message

Merge r186267 - Memory leak for a protected Element having pending events in ImageLoader.
https://bugs.webkit.org/show_bug.cgi?id=146538

Patch by Kyounga Ra <[email protected]> on 2015-07-03
Reviewed by Brady Eidson.

If ImageLoader is destroyed before an active derefElementTimer is fired, the protected element's refCount never becomes zero.

* loader/ImageLoader.cpp:
(WebCore::ImageLoader::~ImageLoader):
(WebCore::ImageLoader::updateFromElement):
(WebCore::ImageLoader::updateRenderer):
(WebCore::ImageLoader::updatedHasPendingEvent):
(WebCore::ImageLoader::timerFired):
* loader/ImageLoader.h:

Diff

Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog (186448 => 186449)


--- releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog	2015-07-07 11:52:49 UTC (rev 186448)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog	2015-07-07 11:55:04 UTC (rev 186449)
@@ -1,3 +1,20 @@
+2015-07-03  Kyounga Ra  <[email protected]>
+
+        Memory leak for a protected Element having pending events in ImageLoader. 
+        https://bugs.webkit.org/show_bug.cgi?id=146538
+
+        Reviewed by Brady Eidson.
+
+        If ImageLoader is destroyed before an active derefElementTimer is fired, protected element's refCount never be zero..
+
+        * loader/ImageLoader.cpp:
+        (WebCore::ImageLoader::~ImageLoader):
+        (WebCore::ImageLoader::updateFromElement):
+        (WebCore::ImageLoader::updateRenderer):
+        (WebCore::ImageLoader::updatedHasPendingEvent):
+        (WebCore::ImageLoader::timerFired):
+        * loader/ImageLoader.h:
+
 2015-07-03  Daniel Bates  <[email protected]>
 
         REGRESSION (r178097): _javascript_ TypeError after clicking on compose button in Yahoo Mail
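Review bot: the description line in this ChangeLog hunk ("protected element's refCount never be zero..") has a grammar slip and a doubled period; suggest "the protected element's refCount never reaches zero." The title line also carries a trailing space after "ImageLoader." which should be stripped before landing.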

Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/ImageLoader.cpp (186448 => 186449)


--- releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/ImageLoader.cpp	2015-07-07 11:52:49 UTC (rev 186448)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/ImageLoader.cpp	2015-07-07 11:55:04 UTC (rev 186449)
@@ -116,11 +116,6 @@
     ASSERT(m_hasPendingErrorEvent || !errorEventSender().hasPendingEvents(*this));
     if (m_hasPendingErrorEvent)
         errorEventSender().cancelEvent(*this);
-
-    // If the ImageLoader is being destroyed but it is still protecting its image-loading Element,
-    // remove that protection here.
-    if (m_elementIsProtected)
-        element().deref();
 }
 
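Review bot: dropping the explicit deref here is only correct because the new RefPtr member releases its reference during member destruction, which runs after this body; a one-line comment in the destructor saying that m_protectedElement now owns the release would stop a future reader from re-adding a manual deref next to the cancelEvent() cleanup. This block was also the only visible reader of m_elementIsProtected, so if that flag is still being set in updatedHasPendingEvent it is now dead state and should go in the same change.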
 void ImageLoader::setImage(CachedImage* newImage)
@@ -163,7 +158,7 @@
 
 void ImageLoader::updateFromElement()
 {
-    // If we're not making renderers for the page, then don't load images.  We don't want to slow
+    // If we're not making renderers for the page, then don't load images. We don't want to slow
     // down the raw HTML parsing case by loading images we don't intend to display.
     Document& document = element().document();
     if (!document.hasLivingRenderTree())
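Review bot: this hunk (and the matching one in updateRenderer) only collapses a double space inside a comment; cosmetic edits bundled into a leak fix make the change harder to bisect and to cherry-pick onto release branches, so they are better landed separately or left out of this merge.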
@@ -345,7 +340,7 @@
         return;
 
     // Only update the renderer if it doesn't have an image or if what we have
-    // is a complete image.  This prevents flickering in the case where a dynamic
+    // is a complete image. This prevents flickering in the case where a dynamic
     // change is happening between two images.
     CachedImage* cachedImage = imageResource->cachedImage();
     if (m_image != cachedImage && (m_imageComplete || !cachedImage))
@@ -367,7 +362,7 @@
         if (m_derefElementTimer.isActive())
             m_derefElementTimer.stop();
         else
-            element().ref();
+            m_protectedElement = &element();
     } else {
         ASSERT(!m_derefElementTimer.isActive());
         m_derefElementTimer.startOneShot(0);
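Review bot: the else branch assumes no reference is currently held; an ASSERT(!m_protectedElement) before `m_protectedElement = &element();` would document that invariant the same way the other branch's ASSERT(!m_derefElementTimer.isActive()) does. Without it a double-protect, which previously leaked a ref count, now silently overwrites the RefPtr, and the mismatch with the deref side would be harder to spot.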
@@ -376,7 +371,7 @@
 
 void ImageLoader::timerFired()
 {
-    element().deref();
+    m_protectedElement = nullptr;
 }
 
 void ImageLoader::dispatchPendingEvent(ImageEventSender* eventSender)
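Review bot: `m_protectedElement = nullptr;` may drop the element's last reference, destroying the Element and, through it, this ImageLoader while timerFired is still on the stack; it is safe only because nothing touches `this` afterwards. Either add a comment saying so ("may delete this"), or move the pointer into a local (`RefPtr<Element> protectedElement = std::move(m_protectedElement);`) so the release visibly happens when the local goes out of scope at the end of the function.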

Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/ImageLoader.h (186448 => 186449)


--- releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/ImageLoader.h	2015-07-07 11:52:49 UTC (rev 186448)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/ImageLoader.h	2015-07-07 11:55:04 UTC (rev 186449)
@@ -96,6 +96,7 @@
     Element& m_element;
     CachedResourceHandle<CachedImage> m_image;
     Timer m_derefElementTimer;
+    RefPtr<Element> m_protectedElement;
     AtomicString m_failedLoadURL;
     bool m_hasPendingBeforeLoadEvent : 1;
     bool m_hasPendingLoadEvent : 1;
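Review bot: the header hunk adds m_protectedElement but does not remove m_elementIsProtected, whose only visible reader was the destructor block deleted in ImageLoader.cpp; if nothing else consults the flag it should be removed here so the class does not carry two notions of "element is protected" that can drift apart.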
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes