Breaking several cyclic references between SVG animated properties.

Based on upstream fix by sabouhallawa@apple.com at http://trac.webkit.org/changeset/196268

The leak happens because of cyclic reference between SVGListPropertyTearOff
and SVGAnimatedListPropertyTearOff which is derived from SVGAnimatedProperty.
There is also cyclic reference between SVGAnimatedProperty and SVGElement and
this causes the whole document to be leaked. So if the JS requests, for
example, an instance of SVGPolylineElement.points, the whole document will be
leaked.

The fix depends on having the cyclic reference as is since the owning and the
owned classes have to live together if any of them is referenced. But the owning
class caches a raw 'ref-counted' pointer of the owned class. If it is requested
for an instance of the owned class it returned a RefPtr<> of it. Once the owned
class is not used, it can delete itself. The only thing needed here is to notify
the owner class of the deletion so it cleans its caches and be able to create a
new pointer if it is requested for an instance of the owned class later.

Revert the change of r181345 in SVGAnimatedProperty::lookupOrCreateWrapper()
to break the cyclic reference between SVGElement and SVGAnimatedProperty.

Also apply the same approach in SVGAnimatedListPropertyTearOff::baseVal() and
animVal() to break cyclic reference between SVGListPropertyTearOff and
SVGAnimatedListPropertyTearOff.

Change-Id: Ied6a077299e47855feb235a1c9310f1a58aad91b
Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>

0 files changed, 0 insertions, 0 deletions