[Webkit-unassigned] [Bug 135178] JSDOMWindowShell leaks on pages with media elements
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jul 22 20:23:39 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=135178
Oliver Hunt <oliver at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #235328|review?, commit-queue? |review-, commit-queue-
Flag| |
--- Comment #8 from Oliver Hunt <oliver at apple.com> 2014-07-22 20:23:51 PST ---
(From update of attachment 235328)
View in context: https://bugs.webkit.org/attachment.cgi?id=235328&action=review
> Source/WebCore/bindings/js/ScriptController.cpp:189
> + Vector<JSC::Strong<JSDOMWindowShell>> windowShells;
> + copyValuesToVector(m_windowShells, windowShells);
> +
> + for (size_t i = 0; i < windowShells.size(); ++i) {
> + JSDOMWindowShell* windowShell = windowShells[i].get();
We must take this, file it as a separate bug as this code is otherwise sadly unsafe :(
> Source/WebCore/html/HTMLMediaElement.cpp:421
> + if (m_isolatedWorld)
> + m_isolatedWorld->clearWrappers();
This is wrong - it means if we ever destroy an htmlmediaelement we'll nuke all the dom wrappers
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list