Skip to site navigation (Press enter)

[webkit-changes] [215465] trunk/Source/WebCore

akling Tue, 18 Apr 2017 09:34:45 -0700

Title: [215465] trunk/Source/WebCore

Revision: 215465
Author: [email protected]
Date: 2017-04-18 09:34:11 -0700 (Tue, 18 Apr 2017)

Log Message

Break Document::m_associatedFormControls reference cycle.
<https://webkit.org/b/170946>


Reviewed by Antti Koivisto.

There was a race between didAssociateFormControls() and didAssociateFormControlsTimerFired()
where detaching Document from its frame between the two would lead to an unbreakable reference
cycle between Document and its form elements.

Solve this by clearing the set of associated form elements in removedLastRef(), where we clear
all the other strong smart pointers to elements.

* dom/Document.cpp:
(WebCore::Document::removedLastRef):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/dom/Document.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (215464 => 215465)


--- trunk/Source/WebCore/ChangeLog	2017-04-18 16:33:13 UTC (rev 215464)
+++ trunk/Source/WebCore/ChangeLog	2017-04-18 16:34:11 UTC (rev 215465)
@@ -1,3 +1,20 @@
+2017-04-18  Andreas Kling  <[email protected]>
+
+        Break Document::m_associatedFormControls reference cycle.
+        <https://webkit.org/b/170946>
+
+        Reviewed by Antti Koivisto.
+
+        There was a race between didAssociateFormControls() and didAssociateFormControlsTimerFired()
+        where detaching Document from its frame between the two would lead to an unbreakable reference
+        cycle between Document and its form elements.
+
+        Solve this by clearing the set of associated form elements in removedLastRef(), where we clear
+        all the other strong smart pointers to elements.
+
+        * dom/Document.cpp:
+        (WebCore::Document::removedLastRef):
+
 2017-04-18  Manuel Rego Casasnovas  <[email protected]>
 
         [css-grid] Add support for percentage gaps

Modified: trunk/Source/WebCore/dom/Document.cpp (215464 => 215465)


--- trunk/Source/WebCore/dom/Document.cpp	2017-04-18 16:33:13 UTC (rev 215464)
+++ trunk/Source/WebCore/dom/Document.cpp	2017-04-18 16:34:11 UTC (rev 215465)
@@ -625,6 +625,7 @@
         m_fullScreenElement = nullptr;
         m_fullScreenElementStack.clear();
 #endif
+        m_associatedFormControls.clear();
 
         detachParser();

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes