Fix memory leak on serializing neutered ArrayBuffer.

Source/bindings/v8/SerializedScriptValue.cpp

 /*
  * Copyright (C) 2010 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 1121 matching lines @@
     {
         ASSERT(!object.IsEmpty());
         ArrayBufferView* arrayBufferView = V8ArrayBufferView::toNative(object);
         if (!arrayBufferView)
             return 0;
         if (!arrayBufferView->buffer())
             return handleError(DataCloneError, next);
         v8::Handle<v8::Value> underlyingBuffer = toV8(arrayBufferView->buffer(), v8::Handle<v8::Object>(), m_writer.getIsolate());
         if (underlyingBuffer.IsEmpty())
             return handleError(DataCloneError, next);
-        StateBase* stateOut = doSerialize(underlyingBuffer, 0);
-        if (stateOut)
+        if (StateBase* stateOut = doSerialize(underlyingBuffer, 0)) {

[Dmitry Lomov (no reviews), 2013/11/04 10:15:35]

style nit: I am a simple programmer and variable declarations inside if
conditions frighten and confuse me. 
Please move the declaration outside if statement (I know other similar
statements in this file follow this style, but this is just WebKit legacy - feel
free to change the other occurences too too)

[sof, 2013/11/04 10:21:14]

alright. One of the likeable syntactic features of c++, imo.

+            while (stateOut)
+                stateOut = pop(stateOut);

[Dmitry Lomov (no reviews), 2013/11/04 10:15:35]

Hmm I do not like this popping out loop (It repeats what happens in
handleError). If I understand correctly, the correct fix here would be to pass
'next' into doSerialize (instead of 0 second parameter) and then just return the
result if if it is non-null.

[sof, 2013/11/04 10:21:14]

Hmm, and we won't run into the depth check at the front of doSerialize() by
propagating the stack (represented by 'next')?

             return handleError(DataCloneError, next);
+        }
         m_writer.writeArrayBufferView(*arrayBufferView);
         // This should be safe: we serialize something that we know to be a wrapper (see
         // the toV8 call above), so the call to doSerialize above should neither cause
         // the stack to overflow nor should it have the potential to reach this
         // ArrayBufferView again. We do need to grey the underlying buffer before we grey
         // its view, however; ArrayBuffers may be shared, so they need to be given reference IDs,
         // and an ArrayBufferView cannot be constructed without a corresponding ArrayBuffer
         // (or without an additional tag that would allow us to do two-stage construction
         // like we do for Objects and Arrays).
         greyObject(object);
@@ skipping 1400 matching lines @@
     // If the allocated memory was not registered before, then this class is likely
     // used in a context other then Worker's onmessage environment and the presence of
     // current v8 context is not guaranteed. Avoid calling v8 then.
     if (m_externallyAllocatedMemory) {
         ASSERT(v8::Isolate::GetCurrent());
         v8::V8::AdjustAmountOfExternalAllocatedMemory(-m_externallyAllocatedMemory);
     }
 }
 
 } // namespace WebCore