Break Document::m_associatedFormControls reference cycle.

<https://webkit.org/b/170946>

Reviewed by Antti Koivisto.

There was a race between didAssociateFormControls() and didAssociateFormControlsTimerFired()
where detaching Document from its frame between the two would lead to an unbreakable reference
cycle between Document and its form elements.

Solve this by clearing the set of associated form elements in removedLastRef(), where we clear
all the other strong smart pointers to elements.

* dom/Document.cpp:
(WebCore::Document::removedLastRef):


Canonical link: https://commits.webkit.org/187873@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@215465 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog

@@ -1,3 +1,20 @@
+2017-04-18  Andreas Kling  <akling@apple.com>
+
+        Break Document::m_associatedFormControls reference cycle.
+        <https://webkit.org/b/170946>
+
+        Reviewed by Antti Koivisto.
+
+        There was a race between didAssociateFormControls() and didAssociateFormControlsTimerFired()
+        where detaching Document from its frame between the two would lead to an unbreakable reference
+        cycle between Document and its form elements.
+
+        Solve this by clearing the set of associated form elements in removedLastRef(), where we clear
+        all the other strong smart pointers to elements.
+
+        * dom/Document.cpp:
+        (WebCore::Document::removedLastRef):
+
 2017-04-18  Manuel Rego Casasnovas  <rego@igalia.com>
 
         [css-grid] Add support for percentage gaps

Source/WebCore/dom/Document.cpp

@@ -625,6 +625,7 @@ void Document::removedLastRef()
         m_fullScreenElement = nullptr;
         m_fullScreenElementStack.clear();
 #endif
+        m_associatedFormControls.clear();
 
         detachParser();