diff options
| author | Yongjun Zhang <yongjun_zhang@apple.com> | 2013-08-06 12:07:02 +0200 |
|---|---|---|
| committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-08-08 18:33:16 +0200 |
| commit | 6ba7d28706c770b0921de5a56cb24be85d8f179a (patch) | |
| tree | a3ff61b99d5fcdc897385a10d80932d860844d76 /Source/JavaScriptCore/API/JSContextRef.cpp | |
| parent | fe109d34374117ce5a1b37f56f8f04dbcb7ba65e (diff) | |
| download | qtwebkit-6ba7d28706c770b0921de5a56cb24be85d8f179a.tar.gz | |
If ImageLoader's loadEventSender or errorEventSender fires after document is detached, the document will be leaked.
https://bugs.webkit.org/show_bug.cgi?id=106394
Patch by Yongjun Zhang <yongjun_zhang@apple.com> on 2013-01-09
Reviewed by Alexey Proskuryakov.
ImageLoader's loadEventSender and errorEventSender schedule event dispatching in separate timers and refs
the Element in updatedHasPendingEvent. If the Document is detached before either eventSender dispatches,
we would leak the Document since we bail out early in dispatchPendingLoadEvent or dispatchPendingErrorEvent,
without deref-ing the Element itself.
No new tests. Verified manually by using heap tool to count the living HTMLDocuments.
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::dispatchPendingLoadEvent): also call updatedHasPendingEvent to deref the Element if
the document is detached.
(WebCore::ImageLoader::dispatchPendingErrorEvent): ditto.
Change-Id: Ie1102e0659bf37f4cf0002ce1d2ee259c6840921
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139209 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
Diffstat (limited to 'Source/JavaScriptCore/API/JSContextRef.cpp')
0 files changed, 0 insertions, 0 deletions