[Webkit-unassigned] [Bug 120886] New: Fix XMLHttpRequest leak document when send() is called multiple times

Fri Sep 6 12:49:45 PDT 2013

https://bugs.webkit.org/show_bug.cgi?id=120886

           Summary: Fix XMLHttpRequest leak document when send() is called
                    multiple times
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Keywords: BlinkMergeCandidate
          Severity: Normal
          Priority: P2
         Component: XML
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rniwa at webkit.org
                CC: mjs at apple.com, ap at webkit.org

Consider merging https://chromium.googlesource.com/chromium/blink/+/b3786a870d66cf04539a8272e951643f10d4738f
or delete the threaded parser.

XMLHttpRequest creates a ThreadableLoader which may call XHR async, so it setPendingActivity() to avoid being destroyed. However, before this patch, unsetPendingActivity() was called asynchronously after ThreadableLoader was destroyed, so it lead to multiple problems:
a) When next m_loader was set in send() with pending unsetPendingActivity(), the pendingActivity may be dropped even when there exists new m_loader need protection.
b) pendingActivity may be set multiple times from pending unsetPendingActivity(), but dropProtectionSoon() only decrements m_pendingActivityCount by one, leading to a leak.

This patch fix the above problems by unsetPendingActivity() synchronously with m_loader destruction where possible. XMLHttpRequest::stop() still uses asynchronous unsetPendingActivity() to workaround issues mentioned in r152266.

The file "leak-check.js" was moved from fast/dom to fast/js to enable access from http tests.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.