Remove leak of objects between isolated worlds on custom events.

Source/bindings/v8/custom/V8MessageEventCustom.cpp

 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 14 matching lines @@
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "config.h"
 #include "V8MessageEvent.h"
 
 #include "bindings/v8/SerializedScriptValue.h"
+#include "bindings/v8/V8HiddenPropertyName.h"
 #include "core/dom/MessageEvent.h"
 
 #include "V8ArrayBuffer.h"
 #include "V8Blob.h"
 #include "V8MessagePort.h"
 #include "V8Window.h"
 #include "bindings/v8/V8Binding.h"
 
 namespace WebCore {
 
 void V8MessageEvent::dataAttrGetterCustom(v8::Local<v8::String> name, const v8::PropertyCallbackInfo<v8::Value>& info)
 {
     MessageEvent* event = V8MessageEvent::toNative(info.Holder());
 
     v8::Handle<v8::Value> result;
     switch (event->dataType()) {
     case MessageEvent::DataTypeScriptValue: {
-        ScriptValue scriptValue = event->dataAsScriptValue();
-        if (scriptValue.hasNoValue())
-            result = v8Null(info.GetIsolate());
-        else
-            result = scriptValue.v8Value();
+        result = info.Holder()->GetHiddenValue(V8HiddenPropertyName::data());
+        if (result.IsEmpty()) {
+            // This is necessary because of the V8 bug 2746. V8 returns an
+            // empty handler when a hidden value is v8::Undefined. Thus, it is
+            // necessary to keep extra state around in the event about whether
+            // the value was set in the first place. That is, if the detail was
+            // set, and V8 returns an empty handler for the value, we know that
+            // the value must actually be a v8::Undefined(), so we explicitly
+            // set that here. Oy!
+            //
+            // Once bug 2746 is addressed, the following 'if' should become
+            // unnecessary, and should be reducable to just the v8Null()
+            // assignment. Please see the related comments in
+            // V8CustomEventCustom.cpp and V8PopStateEventCustom.cpp as well.
+            if (event->isDataSet())
+                result = v8::Undefined();
+            else
+                result = v8Null(info.GetIsolate());
+        }
         break;
     }
 
     case MessageEvent::DataTypeSerializedScriptValue:
         if (RefPtr<SerializedScriptValue> serializedValue = event->dataAsSerializedScriptValue()) {
             MessagePortArray ports = event->ports();
             result = serializedValue->deserialize(info.GetIsolate(), &ports);
         } else
             result = v8Null(info.GetIsolate());
         break;
@@ skipping 19 matching lines @@
     info.Holder()->ForceSet(name, result, dataAttr);
     v8SetReturnValue(info, result);
 }
 
 void V8MessageEvent::initMessageEventMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& args)
 {
     MessageEvent* event = V8MessageEvent::toNative(args.Holder());
     String typeArg = toWebCoreString(args[0]);
     bool canBubbleArg = args[1]->BooleanValue();
     bool cancelableArg = args[2]->BooleanValue();
-    ScriptValue dataArg = ScriptValue(args[3]);
+    v8::Handle<v8::Value> dataArg = args[3];
     String originArg = toWebCoreString(args[4]);
     String lastEventIdArg = toWebCoreString(args[5]);
 
     DOMWindow* sourceArg = 0;
     if (args[6]->IsObject()) {
         v8::Handle<v8::Object> wrapper = v8::Handle<v8::Object>::Cast(args[6]);
         v8::Handle<v8::Object> window = wrapper->FindInstanceInPrototypeChain(V8Window::GetTemplate(args.GetIsolate(), worldTypeInMainThread(args.GetIsolate())));
         if (!window.IsEmpty())
             sourceArg = V8Window::toNative(window);
     }
     OwnPtr<MessagePortArray> portArray;
 
     if (!isUndefinedOrNull(args[7])) {
         portArray = adoptPtr(new MessagePortArray);
         if (!getMessagePortArray(args[7], *portArray, args.GetIsolate()))
             return;
     }
-    event->initMessageEvent(typeArg, canBubbleArg, cancelableArg, dataArg, originArg, lastEventIdArg, sourceArg, portArray.release());
+    args.Holder()->SetHiddenValue(V8HiddenPropertyName::data(), dataArg);

[adamk, 2013/06/27 00:15:04]

Same question as in initCustomEvent, don't you need to set a bit?

[jww, 2013/06/27 04:35:35]

No longer relevant because we are getting rid of the bit.

+    event->initMessageEvent(typeArg, canBubbleArg, cancelableArg, originArg, lastEventIdArg, sourceArg, portArray.release());
 }
 
 void V8MessageEvent::webkitInitMessageEventMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& args)
 {
     initMessageEventMethodCustom(args);
 }
 
 
 } // namespace WebCore