Don't leak Documents when using MutationObserver from extensions
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 2 Mar 2013 02:35:53 +0000 (02:35 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 2 Mar 2013 02:35:53 +0000 (02:35 +0000)
commit 72e109053e58af94d152900e9d581d6101b8021e
tree 412eca6b689e4cbe6c45d1db936acbbfa35ddf05
parent 1fc273f5d90e0e19816d866c90570468342e0539
Don't leak Documents when using MutationObserver from extensions
https://bugs.webkit.org/show_bug.cgi?id=111234

Patch by Elliott Sprehn <esprehn@gmail.com> on 2013-03-01
Reviewed by Adam Barth.

.:

* ManualTests/leak-observer-nonmain-world.html: Added.

Source/WebCore:

MutationObserverCallback holds a WorldContextHandle which secretly isn't
a handle to anything when it's for the main world. When it's for a non-main
world though, like those used in extensions, it becomes a strong reference
to the v8::Context which results in leaks by creating cycles:

MutationObserver -> Callback -> World -> Document -> Node -> MutationObserver.

Instead we should keep a RefPtr to a DOMWrapperWorld in the callback and then
get the v8::Context from that inside handleEvent.

Tests: ManualTests/leak-observer-nonmain-world.html

* bindings/v8/V8Binding.cpp:
(WebCore::toV8Context): Added overload that takes a DOMWrapperWorld.
* bindings/v8/V8Binding.h:
* bindings/v8/V8MutationCallback.cpp:
(WebCore::V8MutationCallback::V8MutationCallback):
(WebCore::V8MutationCallback::handleEvent):
* bindings/v8/V8MutationCallback.h:
(V8MutationCallback):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@144522 268f45cc-cd09-0410-ab3c-d52691b4dbfc
ChangeLog
ManualTests/leak-observer-nonmain-world.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/bindings/v8/V8Binding.cpp
Source/WebCore/bindings/v8/V8Binding.h
Source/WebCore/bindings/v8/V8MutationCallback.cpp
Source/WebCore/bindings/v8/V8MutationCallback.h
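
The retain cycle the commit message describes, as an added example that is not code from this commit or from WebKit. It is a simplified model: `std::shared_ptr` stands in for both `RefPtr` and a strong V8 context handle, and the type names, the `weak_ptr` inside `World`, and `documentsLeftAfterTeardown` are assumptions made for illustration.

```cpp
// Simplified ownership model (illustrative; not WebKit source).
// shared_ptr = strong reference (RefPtr / persistent handle), weak_ptr = non-owning.
#include <cassert>
#include <memory>
#include <vector>

static int liveDocuments = 0;
struct Context;
struct Observer;
struct World { std::weak_ptr<Context> context; };      // assumption: a world never owns its context
struct Node { std::shared_ptr<Observer> observer; };   // Node -> MutationObserver
struct Document {
    std::vector<std::shared_ptr<Node>> nodes;          // Document -> Node
    Document() { ++liveDocuments; }
    ~Document() { --liveDocuments; }
};
struct Context { std::shared_ptr<Document> document; }; // context keeps its Document alive
struct Callback {
    std::shared_ptr<Context> strongContext;  // before: strong handle held for a non-main world
    std::shared_ptr<World> world;            // after: only the world is retained
    bool handleEvent() const {               // after: context is resolved at call time
        if (strongContext) return true;
        return world && !world->context.expired();
    }
};
struct Observer { Callback callback; };                 // MutationObserver -> Callback

// Builds a page with one observed node, drops the page's own references,
// and returns how many Documents are still alive afterwards.
int documentsLeftAfterTeardown(bool holdStrongContext) {
    liveDocuments = 0;
    auto world = std::make_shared<World>();
    {
        auto context = std::make_shared<Context>();
        world->context = context;
        context->document = std::make_shared<Document>();
        auto node = std::make_shared<Node>();
        context->document->nodes.push_back(node);
        auto observer = std::make_shared<Observer>();
        if (holdStrongContext) observer->callback.strongContext = context;
        else observer->callback.world = world;
        node->observer = observer;           // closes the loop back to the observer
        assert(observer->callback.handleEvent());
    }                                        // page torn down: external references are gone
    int leaked = liveDocuments;
    if (auto c = world->context.lock()) c->document.reset();  // break the cycle by hand for cleanup
    return leaked;
}
```

With the strong handle the Document outlives teardown because every object in the loop is kept alive by the previous one; with only the world retained, nothing on the callback side owns the context and the whole graph is freed.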