New issue
Advanced search Search tips

Issue 798549 link

Starred by 1 user
Status: Fixed
Owner:
jinsuk...@chromium.org
Closed: Jan 2018
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 1
Type: Bug



Sign in to add a comment

native JavascriptInjector

Project Member Reported by boliu@chromium.org, Jan 2 2018 
This comment doesn't actually hold:
https://cs.chromium.org/chromium/src/content/browser/android/javascript_injector.cc?rcl=1378ec8412b3a75df750acc22cdfe0a9adc211b5&l=73

Nothing actually calls web_contents->SetUserData, so the newly created JavascriptInjector is just leaked. Should call JavascriptInjector::CreateForWebContents there instead

Double check other objects like that are ok too, and see if this needs to be merged anywhere

should have caught this in code review..

Comment 1 by jinsuk...@chromium.org, Jan 2 2018

Status: Started (was: Assigned)
Thanks for catching the bug. As a way to address tedchoc@'s comment https://chromium-review.googlesource.com/c/chromium/src/+/828000/2/content/public/android/java/src/org/chromium/content/browser/JavascriptInjectorImpl.java#41, I'm trying to get rid of native WebContentsUserData from JavascriptInjector/GestureListenerManager. Since the only reason they inherit it is to do something at destructor, I think it can be replaced with a logic coming from destruction and handling the WCUD-managed objects.

Comment 2 by boliu@chromium.org, Jan 2 2018 

that's not easy though. that involves using a ReferenceQueue to watch java objects being gc-ed, which we've so far avoided doing in content/ and chrome/

Comment 3 by jinsuk...@chromium.org, Jan 2 2018 

My idea is based on the fact that these native WebContentsUserData-managed objects have the same lifetime as WebContents, so their |destroy| needs to be called as a part of the native WebContents destruction. It doesn't have to be exactly timed with the java object gc. i.e. their destruction won't be initiated by their java object being gc'ed but by the native WebContents destruction, as long as the native destruction precedes the Java counterparts. 

That said, it may be tricky for WebView because the Java objects might be already gc'ed by the time the native WebContents gets destroyed. Maybe WebView could use its own logic calling |destroy|.

Comment 4 by boliu@chromium.org, Jan 2 2018 

I'm not sure what you are trying to say here. Yes webview has its way to ensure native WebContentsImpl is destroyed, so if you want native WebContentsImpl to destroy these other things, then sure, that works. But then that's exactly WebContentsUserData gives you. So that's not really a new design?
Project Member

Comment 5 by bugdroid1@chromium.org, Jan 3 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e376d0d827d67f26c4c47d01e9ea20f6af5adbff

commit e376d0d827d67f26c4c47d01e9ea20f6af5adbff
Author: Jinsuk Kim <jinsukkim@chromium.org>
Date: Wed Jan 03 01:56:43 2018

Call |SetUserData| for JavascriptInjector

JavascriptInjector in https://crrev.com/c/828000 missed calling
|WebContents::SetUserData|, therefore the newly created instance
is leaked. This CL fixes it.

Bug:  798549 
Change-Id: Ia9c95edcba363f5fc5b8aafaf97cec0ea3dd4759
Reviewed-on: https://chromium-review.googlesource.com/848112
Reviewed-by: Bo <boliu@chromium.org>
Commit-Queue: Jinsuk Kim <jinsukkim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#526580}
[modify] https://crrev.com/e376d0d827d67f26c4c47d01e9ea20f6af5adbff/content/browser/android/javascript_injector.cc

Comment 6 by jinsuk...@chromium.org, Jan 5 2018

Status: Fixed (was: Started)

Sign in to add a comment