[webkit-changes] [93717] trunk/Source/WebCore

Wed, 24 Aug 2011 11:28:17 -0700

Title: [93717] trunk/Source/WebCore
Revision
93717
Author
wei...@apple.com
Date
2011-08-24 11:28:12 -0700 (Wed, 24 Aug 2011)

Log Message

JSHTMLImageElement (and associated Node) is abandoned when image load is canceled
<rdar://problem/9925630>
https://bugs.webkit.org/show_bug.cgi?id=66864

Reviewed by Anders Carlsson.

In the JSC bindings, we use HTMLImageElement::hasPendingActivity() (which in turn calls
HTMLImageLoader::haveFiredLoadEvent()) to reason about the liveness of JSHTMLImageElements.
In the case that an image load is canceled, the haveFiredLoadEvent never true, so the
JSHTMLImageElement is kept alive forever (and since it references the global object, it
keeps the entire graph alive as well).

* loader/ImageLoader.cpp:
(WebCore::ImageLoader::notifyFinished):
Set m_firedLoad to true in the case of a canceled load, to reset the state back to
its initial values.

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (93716 => 93717)


--- trunk/Source/WebCore/ChangeLog	2011-08-24 18:27:10 UTC (rev 93716)
+++ trunk/Source/WebCore/ChangeLog	2011-08-24 18:28:12 UTC (rev 93717)
@@ -1,3 +1,22 @@
+2011-08-24  Sam Weinig  <s...@webkit.org>
+
+        JSHTMLImageElement (and associated Node) is abandoned when image load is canceled
+        <rdar://problem/9925630>
+        https://bugs.webkit.org/show_bug.cgi?id=66864
+
+        Reviewed by Anders Carlsson.
+
+        In the JSC bindings, we use HTMLImageElement::hasPendingActivity() (which in turn calls
+        HTMLImageLoader::haveFiredLoadEvent()) to reason about the liveness of JSHTMLImageElements.
+        In the case that an image load is canceled, the haveFiredLoadEvent never true, so the
+        JSHTMLImageElement is kept alive forever (and since it references the global object, it
+        keeps the entire graph alive as well).
+
+        * loader/ImageLoader.cpp:
+        (WebCore::ImageLoader::notifyFinished):
+        Set m_firedLoad to true in the case of a canceled load, to reset the state back to
+        its initial values.
+
 2011-08-24  Tommy Widenflycht  <tom...@google.com>
 
         MediaStream API: add createObjectURL functionality

Modified: trunk/Source/WebCore/loader/ImageLoader.cpp (93716 => 93717)


--- trunk/Source/WebCore/loader/ImageLoader.cpp	2011-08-24 18:27:10 UTC (rev 93716)
+++ trunk/Source/WebCore/loader/ImageLoader.cpp	2011-08-24 18:28:12 UTC (rev 93717)
@@ -234,8 +234,10 @@
     if (m_firedLoad)
         return;
 
-    if (resource->wasCanceled())
+    if (resource->wasCanceled()) {
+        m_firedLoad = true;
         return;
+    }
 
     loadEventSender().dispatchEventSoon(this);
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to