Reviewers: dcarney, danno, jochen, adamk, titzer, haraken
CL: https://codereview.chromium.org/101733002/
https://codereview.chromium.org/101733002/diff/100001/src/api.cc
File src/api.cc (right):
https://codereview.chromium.org/101733002/diff/100001/src/api.cc#newcode5417
src/api.cc:5417: global = i::Handle<i::Object>(context->global_object(), isolate);
On 2016/05/18 05:58:32, haraken wrote:
It looks like that this is doing something dangerous. When Blink calls Context::Global for a detached iframe, it returns a global object (which may be already used by another iframe), not the global proxy object.
Is the TODO still valid?
Yes. We should never leak the naked global object to blink.
Description:
Fixed global object leak caused by overwriting the global receiver (the global proxy) in the global object with the global object itself.
This CL additionally removes the API function to reattach a global proxy to a global object.
BUG=324812
LOG=y
[email protected], [email protected]
Committed: https://code.google.com/p/v8/source/detail?r=18299
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+113, -116 lines):
M include/v8.h
M src/api.cc
M src/bootstrapper.h
M src/bootstrapper.cc
M src/objects.h
M src/objects-inl.h
M src/runtime.h
M src/runtime.cc
M src/v8natives.js
M test/cctest/test-api.cc
M test/cctest/test-decls.cc
M test/cctest/test-object-observe.cc
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev