Title: [137615] trunk/Source/WebCore
- Revision
- 137615
- Author
- [email protected]
- Date
- 2012-12-13 10:48:43 -0800 (Thu, 13 Dec 2012)
Log Message
Document will never be released when an Image is created inside unload event listener
https://bugs.webkit.org/show_bug.cgi?id=104830
Patch by Yongjun Zhang <[email protected]> on 2012-12-13
Reviewed by Darin Adler.
When setting src attribute to an Image object inside unload event listener, ImageLoader will
mark it as load failure (by setting m_hasPendingErrorEvent to true) and the following call
to updatedHasPendingEvent will ref the element but won't be deref-ed since the Document is
being dismissed. This was introduced in r131670. To match pre r131670 behavior, we shouldn't
trigger error event for image loading when the page is being dismissed.
No new tests, there is no visual change. Manually tested to verify documents are released by
using heap in Mac OS X.
* loader/ImageLoader.cpp:
(WebCore::pageIsBeingDismissed): add a helper function to test whether the page is being dismissed.
(WebCore::ImageLoader::updateFromElement): don't trigger error event if the page is being dismissed.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (137614 => 137615)
--- trunk/Source/WebCore/ChangeLog 2012-12-13 18:47:13 UTC (rev 137614)
+++ trunk/Source/WebCore/ChangeLog 2012-12-13 18:48:43 UTC (rev 137615)
@@ -1,3 +1,23 @@
+2012-12-13 Yongjun Zhang <[email protected]>
+
+ Document will never be released when an Image is created inside unload event listener
+ https://bugs.webkit.org/show_bug.cgi?id=104830
+
+ Reviewed by Darin Adler.
+
+ When setting src attribute to an Image object inside unload event listener, ImageLoader will
+ mark it as load failure (by setting m_hasPendingErrorEvent to true) and the following call
+ to updatedHasPendingEvent will ref the element but won't be deref-ed since the Document is
+ being dismissed. This was introduced in r131670. To match pre r131670 behavior, we shouldn't
+ trigger error event for image loading when the page is being dismissed.
+
+ No new tests, there is no visual change. Manually tested to verify documents are released by
+ using heap in Mac OS X.
+
+ * loader/ImageLoader.cpp:
+ (WebCore::pageIsBeingDismissed): add a helper function to test whether the page is being dismissed.
+ (WebCore::ImageLoader::updateFromElement): don't trigger error event if the page is being dismissed.
+
2012-12-13 Claudio Saavedra <[email protected]>
[GTK] Add missing breaks in switch-case statements
Modified: trunk/Source/WebCore/loader/ImageLoader.cpp (137614 => 137615)
--- trunk/Source/WebCore/loader/ImageLoader.cpp 2012-12-13 18:47:13 UTC (rev 137614)
+++ trunk/Source/WebCore/loader/ImageLoader.cpp 2012-12-13 18:48:43 UTC (rev 137615)
@@ -31,6 +31,7 @@
#include "ElementShadow.h"
#include "Event.h"
#include "EventSender.h"
+#include "Frame.h"
#include "HTMLNames.h"
#include "HTMLObjectElement.h"
#include "HTMLParserIdioms.h"
@@ -84,6 +85,12 @@
return sender;
}
+static inline bool pageIsBeingDismissed(Document* document)
+{
+ Frame* frame = document->frame();
+ return frame && frame->loader()->pageDismissalEventBeingDispatched() != FrameLoader::NoDismissal;
+}
+
ImageLoader::ImageLoader(ImageLoaderClient* client)
: m_client(client)
, m_image(0)
@@ -200,8 +207,9 @@
// If we do not have an image here, it means that a cross-site
// violation occurred, or that the image was blocked via Content
- // Security Policy. Either way, trigger an error event.
- if (!newImage) {
+ // Security Policy, or the page is being dismissed. Trigger an
+ // error event if the page is not being dismissed.
+ if (!newImage && !pageIsBeingDismissed(document())) {
m_failedLoadURL = attr;
m_hasPendingErrorEvent = true;
errorEventSender().dispatchEventSoon(this);
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
