[Webkit-unassigned] [Bug 125888] New: Reloading a page with SVG should not cause leaks

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 17 16:49:39 PST 2013 

https://bugs.webkit.org/show_bug.cgi?id=125888

           Summary: Reloading a page with SVG should not cause leaks
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rniwa at webkit.org
                CC: zimmermann at kde.org, simon.fraser at apple.com,
                    thorton at apple.com


https://code.google.com/p/chromium/issues/detail?id=270000

Fixed in Blink: https://chromium.googlesource.com/chromium/blink/+/8b4d1c4dee0fbe311d3541623f1c48df3582a867

This patch introduces the new reference graph for SVG*TearOffs to resolve Node leaks. The graph is illustrated below:
https://docs.google.com/presentation/d/1cKqC9wc_Ca5UTSCNE0DHQeXRxEtkerIxnp1MIIK5Jqk/edit?usp=sharing
In the new reference graph, references from parent to child are made strong ref, and references from child to parent are made weak ref. For V8 references against TearOffs, a hidden reference to the context V8SVGElement is added to its wrappers to ensure contextElement() is alive while TearOffs are alive.

This patch also contains fixes for bugs exposed from the reference graph change. SVGAnimateElement will ensure stopAnimValAnimation call even if it is destructed while animation is active. SMILElement/SVGAnimateElement is modified to observe lifetime shadow tree instances in addition to the lifetime of original element.

[Reland] The animatedProperties are now detached by SVGElement::cleanupAnimatedProperties, called just after the most-derived-classes-dtor, while their animatedProperties are alive. This detach was previously done inside ~SVGElement in previous patches and caused various problems by referencing dead members of derived classes.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list