Title: [133479] trunk/Source/WebCore
Revision
133479
Author
[email protected]
Date
2012-11-05 08:14:27 -0800 (Mon, 05 Nov 2012)

Log Message

[V8] Dispose() and Clear() should be always coupled for safety
https://bugs.webkit.org/show_bug.cgi?id=101191

Reviewed by Adam Barth.

Clear() is not mandatory. However, to avoid misusing already
disposed wrappers, Clear() should be always called just
after Dispose().

No tests. No change in behavior.

* bindings/v8/DOMWrapperMap.h:
(WebCore::DOMWrapperHashMap::defaultWeakCallback):
* bindings/v8/IntrusiveDOMWrapperMap.h:
(WebCore::IntrusiveDOMWrapperMap::weakCallback):
* bindings/v8/NPV8Object.cpp:
(WebCore::freeV8NPObject):
* bindings/v8/ScheduledAction.cpp:
(WebCore::ScheduledAction::~ScheduledAction):
* bindings/v8/V8NPObject.cpp:
(WebCore::V8NPTemplateMap::dispose):
(WebCore::weakNPObjectCallback):
(WebCore::forgetV8ObjectForNPObject):
* bindings/v8/V8PerContextData.cpp:
(WebCore::V8PerContextData::dispose):
* bindings/v8/V8ValueCache.cpp:
(WebCore::cachedStringCallback):
(WebCore::IntegerCache::~IntegerCache):
* bindings/v8/custom/V8InjectedScriptManager.cpp:
(WebCore::WeakReferenceCallback):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (133478 => 133479)


--- trunk/Source/WebCore/ChangeLog	2012-11-05 15:56:43 UTC (rev 133478)
+++ trunk/Source/WebCore/ChangeLog	2012-11-05 16:14:27 UTC (rev 133479)
@@ -1,3 +1,36 @@
+2012-11-05  Kentaro Hara  <[email protected]>
+
+        [V8] Dispose() and Clear() should be always coupled for safety
+        https://bugs.webkit.org/show_bug.cgi?id=101191
+
+        Reviewed by Adam Barth.
+
+        Clear() is not mandatory. However, to avoid misusing already
+        disposed wrappers, Clear() should be always called just
+        after Dispose().
+
+        No tests. No change in behavior.
+
+        * bindings/v8/DOMWrapperMap.h:
+        (WebCore::DOMWrapperHashMap::defaultWeakCallback):
+        * bindings/v8/IntrusiveDOMWrapperMap.h:
+        (WebCore::IntrusiveDOMWrapperMap::weakCallback):
+        * bindings/v8/NPV8Object.cpp:
+        (WebCore::freeV8NPObject):
+        * bindings/v8/ScheduledAction.cpp:
+        (WebCore::ScheduledAction::~ScheduledAction):
+        * bindings/v8/V8NPObject.cpp:
+        (WebCore::V8NPTemplateMap::dispose):
+        (WebCore::weakNPObjectCallback):
+        (WebCore::forgetV8ObjectForNPObject):
+        * bindings/v8/V8PerContextData.cpp:
+        (WebCore::V8PerContextData::dispose):
+        * bindings/v8/V8ValueCache.cpp:
+        (WebCore::cachedStringCallback):
+        (WebCore::IntegerCache::~IntegerCache):
+        * bindings/v8/custom/V8InjectedScriptManager.cpp:
+        (WebCore::WeakReferenceCallback):
+
 2012-11-05  Hans Muller  <[email protected]>
 
         [CSS Exclusions] Layout of the first shape-inside line can be incorrect

Modified: trunk/Source/WebCore/bindings/v8/DOMWrapperMap.h (133478 => 133479)


--- trunk/Source/WebCore/bindings/v8/DOMWrapperMap.h	2012-11-05 15:56:43 UTC (rev 133478)
+++ trunk/Source/WebCore/bindings/v8/DOMWrapperMap.h	2012-11-05 16:14:27 UTC (rev 133479)
@@ -82,6 +82,7 @@
             v8::Persistent<v8::Object> wrapper = it->value;
             toWrapperTypeInfo(wrapper)->derefObject(it->key);
             wrapper.Dispose();
+            wrapper.Clear();
         }
         m_map.clear();
     }
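Review bot: The added `wrapper.Clear()` in this loop nulls only the local copy made by `v8::Persistent<v8::Object> wrapper = it->value;`, so the handle stored in `m_map` still refers to the disposed cell until `m_map.clear()` runs after the loop. If the aim is to stop a disposed wrapper from being reused, act on the stored handle as the first V8NPObject.cpp hunk does, `it->value.Dispose(); it->value.Clear();`, assuming the iterator here is non-const (its declaration is outside the hunk). Both loops in V8PerContextData.cpp have the same copy-then-clear shape. The weak-callback hunks in DOMWrapperMap.h, IntrusiveDOMWrapperMap.h, V8NPObject.cpp, V8ValueCache.cpp and V8InjectedScriptManager.cpp clear a handle whose declaration is not visible; if it is a by-value parameter, the same applies there.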
@@ -111,6 +112,7 @@
 
         map->remove(key, wrapper);
         wrapper.Dispose();
+        wrapper.Clear();
         type->derefObject(key);
     }
 

Modified: trunk/Source/WebCore/bindings/v8/IntrusiveDOMWrapperMap.h (133478 => 133479)


--- trunk/Source/WebCore/bindings/v8/IntrusiveDOMWrapperMap.h	2012-11-05 15:56:43 UTC (rev 133478)
+++ trunk/Source/WebCore/bindings/v8/IntrusiveDOMWrapperMap.h	2012-11-05 16:14:27 UTC (rev 133479)
@@ -70,6 +70,7 @@
 
         key->clearWrapper();
         value.Dispose();
+        value.Clear();
         key->deref();
     }
 };

Modified: trunk/Source/WebCore/bindings/v8/NPV8Object.cpp (133478 => 133479)


--- trunk/Source/WebCore/bindings/v8/NPV8Object.cpp	2012-11-05 15:56:43 UTC (rev 133478)
+++ trunk/Source/WebCore/bindings/v8/NPV8Object.cpp	2012-11-05 16:14:27 UTC (rev 133479)
@@ -92,6 +92,7 @@
             v8NPObjectMap->remove(v8ObjectHash);
     }
     v8NpObject->v8Object.Dispose();
+    v8NpObject->v8Object.Clear();
     free(v8NpObject);
 }
 

Modified: trunk/Source/WebCore/bindings/v8/ScheduledAction.cpp (133478 => 133479)


--- trunk/Source/WebCore/bindings/v8/ScheduledAction.cpp	2012-11-05 15:56:43 UTC (rev 133478)
+++ trunk/Source/WebCore/bindings/v8/ScheduledAction.cpp	2012-11-05 16:14:27 UTC (rev 133479)
@@ -62,8 +62,10 @@
 
 ScheduledAction::~ScheduledAction()
 {
-    for (size_t i = 0; i < m_args.size(); ++i)
+    for (size_t i = 0; i < m_args.size(); ++i) {
         m_args[i].Dispose();
+        m_args[i].Clear();
+    }
 }
 
 void ScheduledAction::execute(ScriptExecutionContext* context)
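Review bot: The Dispose()/Clear() pair in `~ScheduledAction` is written out by hand, as it is at every other site this commit touches, so nothing prevents a later call site from disposing without clearing. A small helper taking the handle by reference would turn the coupling into a single call, for example `template<typename T> void disposeAndClear(v8::Persistent<T>& handle) { handle.Dispose(); handle.Clear(); }` (the name is only a suggestion). The loop body would then be `disposeAndClear(m_args[i]);`, and the braces added here would not be needed.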

Modified: trunk/Source/WebCore/bindings/v8/V8NPObject.cpp (133478 => 133479)


--- trunk/Source/WebCore/bindings/v8/V8NPObject.cpp	2012-11-05 15:56:43 UTC (rev 133478)
+++ trunk/Source/WebCore/bindings/v8/V8NPObject.cpp	2012-11-05 16:14:27 UTC (rev 133479)
@@ -196,6 +196,7 @@
         MapType::iterator it = m_map.find(key);
         ASSERT(it != m_map.end());
         it->value.Dispose();
+        it->value.Clear();
         m_map.remove(it);
     }
 
@@ -397,6 +398,7 @@
     // call forgetV8ObjectForNPObject, which uses the table as well.
     staticNPObjectMap().remove(npObject, wrapper);
     wrapper.Dispose();
+    wrapper.Clear();
 
     if (_NPN_IsAlive(npObject))
         _NPN_ReleaseObject(npObject);
@@ -459,6 +461,7 @@
         V8DOMWrapper::setDOMWrapper(wrapper, npObjectTypeInfo(), 0);
         staticNPObjectMap().remove(object, wrapper);
         wrapper.Dispose();
+        wrapper.Clear();
         _NPN_ReleaseObject(object);
     }
 }

Modified: trunk/Source/WebCore/bindings/v8/V8PerContextData.cpp (133478 => 133479)


--- trunk/Source/WebCore/bindings/v8/V8PerContextData.cpp	2012-11-05 15:56:43 UTC (rev 133478)
+++ trunk/Source/WebCore/bindings/v8/V8PerContextData.cpp	2012-11-05 16:14:27 UTC (rev 133479)
@@ -55,6 +55,7 @@
         for (; it != m_wrapperBoilerplates.end(); ++it) {
             v8::Persistent<v8::Object> wrapper = it->value;
             wrapper.Dispose();
+            wrapper.Clear();
         }
         m_wrapperBoilerplates.clear();
     }
@@ -64,6 +65,7 @@
         for (; it != m_constructorMap.end(); ++it) {
             v8::Persistent<v8::Function> wrapper = it->value;
             wrapper.Dispose();
+            wrapper.Clear();
         }
         m_constructorMap.clear();
     }

Modified: trunk/Source/WebCore/bindings/v8/V8ValueCache.cpp (133478 => 133479)


--- trunk/Source/WebCore/bindings/v8/V8ValueCache.cpp	2012-11-05 15:56:43 UTC (rev 133478)
+++ trunk/Source/WebCore/bindings/v8/V8ValueCache.cpp	2012-11-05 16:14:27 UTC (rev 133479)
@@ -46,6 +46,7 @@
     StringImpl* stringImpl = static_cast<StringImpl*>(parameter);
     V8PerIsolateData::current()->stringCache()->remove(stringImpl);
     wrapper.Dispose();
+    wrapper.Clear();
     stringImpl->deref();
 }
 
@@ -113,8 +114,10 @@
 IntegerCache::~IntegerCache()
 {
     if (m_initialized) {
-        for (int value = 0; value < numberOfCachedSmallIntegers; value++)
+        for (int value = 0; value < numberOfCachedSmallIntegers; value++) {
             m_smallIntegers[value].Dispose();
+            m_smallIntegers[value].Clear();
+        }
         m_initialized = false;
     }
 }

Modified: trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptManager.cpp (133478 => 133479)


--- trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptManager.cpp	2012-11-05 15:56:43 UTC (rev 133478)
+++ trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptManager.cpp	2012-11-05 16:14:27 UTC (rev 133479)
@@ -49,6 +49,7 @@
     InjectedScriptHost* nativeObject = static_cast<InjectedScriptHost*>(parameter);
     nativeObject->deref();
     object.Dispose();
+    object.Clear();
 }
 
 static v8::Local<v8::Object> createInjectedScriptHostV8Wrapper(InjectedScriptHost* host)