117840 2013-06-20 11:27:50 -0700 Improper deallocation of JSManagedValue causes crashes during autorelease pool draining 2013-06-20 11:38:15 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mhahnenberg mhahnenberg oldest_to_newest 902227 0 mhahnenberg 2013-06-20 11:27:50 -0700 Improperly managing a JSManagedValue can cause a crash when the JSC::Weak inside the JSManagedValue is destroyed upon deallocation. We would rather have improperly maintained JSManagedValues cause memory leaks than take down the whole app. The fix is to use the callback to the JSC::Weak on the destruction of the VM so that we can safely null it out. This will prevent ~Weak from crashing. 902228 1 205104 mhahnenberg 2013-06-20 11:30:28 -0700 Created attachment 205104 Patch 902230 2 205104 ggaren 2013-06-20 11:33:32 -0700 Comment on attachment 205104 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=205104&action=review r=me > Source/JavaScriptCore/API/JSManagedValue.mm:114 > + [managedValue weakField]->clear(); Minor nit: I think our usual pattern for clearing a weak pointer would be "[managedValue disconnectValue]". 902231 3 mhahnenberg 2013-06-20 11:36:51 -0700 Committed r151786: <http://trac.webkit.org/changeset/151786> 902232 4 mhahnenberg 2013-06-20 11:38:15 -0700 <rdar://problem/14149317> 205104 2013-06-20 11:30:28 -0700 2013-06-20 11:33:31 -0700 Patch bug-117840-20130620113106.patch text/plain 3866 mhahnenberg SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTUxNzg1KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIzIEBA CisyMDEzLTA2LTIwICBNYXJrIEhhaG5lbmJlcmcgIDxtaGFobmVuYmVyZ0BhcHBsZS5jb20+CisK KyAgICAgICAgSW1wcm9wZXIgZGVhbGxvY2F0aW9uIG9mIEpTTWFuYWdlZFZhbHVlIGNhdXNlcyBj cmFzaGVzIGR1cmluZyBhdXRvcmVsZWFzZSBwb29sIGRyYWluaW5nCisgICAgICAgIGh0dHBzOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMTc4NDAKKworICAgICAgICBSZXZpZXdl ZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBJbXByb3Blcmx5IG1hbmFnaW5nIGEgSlNN YW5hZ2VkVmFsdWUgY2FuIGNhdXNlIGEgY3Jhc2ggd2hlbiB0aGUgSlNDOjpXZWFrIGluc2lkZSB0 aGUgCisgICAgICAgIEpTTWFuYWdlZFZhbHVlIGlzIGRlc3Ryb3llZCB1cG9uIGRlYWxsb2NhdGlv bi4gV2Ugd291bGQgcmF0aGVyIGhhdmUgaW1wcm9wZXJseSBtYWludGFpbmVkIAorICAgICAgICBK U01hbmFnZWRWYWx1ZXMgY2F1c2UgbWVtb3J5IGxlYWtzIHRoYW4gdGFrZSBkb3duIHRoZSB3aG9s ZSBhcHAuIAorCisgICAgICAgIFRoZSBmaXggaXMgdG8gdXNlIHRoZSBjYWxsYmFjayB0byB0aGUg SlNDOjpXZWFrIG9uIHRoZSBkZXN0cnVjdGlvbiBvZiB0aGUgVk0gc28gdGhhdCB3ZSAKKyAgICAg ICAgY2FuIHNhZmVseSBudWxsIGl0IG91dC4gVGhpcyB3aWxsIHByZXZlbnQgfldlYWsgZnJvbSBj cmFzaGluZy4KKworICAgICAgICAqIEFQSS9KU01hbmFnZWRWYWx1ZS5tbToKKyAgICAgICAgKC1b SlNNYW5hZ2VkVmFsdWUgSlNDOjpKU0M6Ol0pOgorICAgICAgICAoSlNNYW5hZ2VkVmFsdWVIYW5k bGVPd25lcjo6ZmluYWxpemUpOgorICAgICAgICAqIEFQSS90ZXN0cy90ZXN0YXBpLm1tOiBBZGRl ZCBhIHRlc3QgdGhhdCBjcmFzaGVkIHByaW9yIHRvIHRoaXMgZml4IGR1ZSB0byBhIGxlYWtlZCAK KyAgICAgICAgbWFuYWdlZCByZWZlcmVuY2UuIEFsc28gZml4ZWQgYSBzbWFsbCBzdHlsZSBuaXQg SSBub3RpY2VkIGluIGFub3RoZXIgdGVzdC4KKwogMjAxMy0wNi0xOCAgT2xpdmVyIEh1bnQgIDxv bGl2ZXJAYXBwbGUuY29tPgogCiAgICAgICAgIEdvaW5nIHRvIGdvb2dsZS5jb20vdHJlbmRzIGNh dXNlcyBhIGNyYXNoCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvQVBJL0pTTWFuYWdlZFZh bHVlLm1tCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9BUEkvSlNNYW5hZ2Vk VmFsdWUubW0JKHJldmlzaW9uIDE1MTc4NCkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9BUEkv SlNNYW5hZ2VkVmFsdWUubW0JKHdvcmtpbmcgY29weSkKQEAgLTQwLDYgKzQwLDcgQEAKIAogY2xh c3MgSlNNYW5hZ2VkVmFsdWVIYW5kbGVPd25lciA6IHB1YmxpYyBKU0M6OldlYWtIYW5kbGVPd25l ciB7CiBwdWJsaWM6CisgICAgdmlydHVhbCB2b2lkIGZpbmFsaXplKEpTQzo6SGFuZGxlPEpTQzo6 VW5rbm93bj4sIHZvaWQqIGNvbnRleHQpOwogICAgIHZpcnR1YWwgYm9vbCBpc1JlYWNoYWJsZUZy b21PcGFxdWVSb290cyhKU0M6OkhhbmRsZTxKU0M6OlVua25vd24+LCB2b2lkKiBjb250ZXh0LCBK U0M6OlNsb3RWaXNpdG9yJik7CiB9OwogCkBAIC05MCw2ICs5MSwxNSBAQCAtIChKU1ZhbHVlICop dmFsdWUKICAgICByZXR1cm4gW0pTVmFsdWUgdmFsdWVXaXRoSlNWYWx1ZVJlZjp0b1JlZihvYmpl Y3QpIGluQ29udGV4dDpjb250ZXh0XTsKIH0KIAorLSAoSlNDOjpXZWFrPEpTQzo6SlNPYmplY3Q+ Kil3ZWFrRmllbGQKK3sKKyAgICByZXR1cm4gJm1fdmFsdWU7Cit9CisKK0BlbmQKKworQGludGVy ZmFjZSBKU01hbmFnZWRWYWx1ZSAoUHJpdmF0ZU1ldGhvZHMpCistIChKU0M6OldlYWs8SlNDOjpK U09iamVjdD4qKSB3ZWFrRmllbGQ7CiBAZW5kCiAKIGJvb2wgSlNNYW5hZ2VkVmFsdWVIYW5kbGVP d25lcjo6aXNSZWFjaGFibGVGcm9tT3BhcXVlUm9vdHMoSlNDOjpIYW5kbGU8SlNDOjpVbmtub3du Piwgdm9pZCogY29udGV4dCwgSlNDOjpTbG90VmlzaXRvciYgdmlzaXRvcikKQEAgLTk4LDQgKzEw OCwxMCBAQCBib29sIEpTTWFuYWdlZFZhbHVlSGFuZGxlT3duZXI6OmlzUmVhY2hhCiAgICAgcmV0 dXJuIHZpc2l0b3IuY29udGFpbnNPcGFxdWVSb290KG1hbmFnZWRWYWx1ZSk7CiB9CiAKK3ZvaWQg SlNNYW5hZ2VkVmFsdWVIYW5kbGVPd25lcjo6ZmluYWxpemUoSlNDOjpIYW5kbGU8SlNDOjpVbmtu b3duPiwgdm9pZCogY29udGV4dCkKK3sKKyAgICBKU01hbmFnZWRWYWx1ZSAqbWFuYWdlZFZhbHVl ID0gc3RhdGljX2Nhc3Q8SlNNYW5hZ2VkVmFsdWUgKj4oY29udGV4dCk7CisgICAgW21hbmFnZWRW YWx1ZSB3ZWFrRmllbGRdLT5jbGVhcigpOworfQorCiAjZW5kaWYgLy8gSlNDX09CSkNfQVBJX0VO QUJMRUQKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9BUEkvdGVzdHMvdGVzdGFwaS5tbQo9 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvQVBJL3Rlc3RzL3Rlc3RhcGkubW0J KHJldmlzaW9uIDE1MTc4NCkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9BUEkvdGVzdHMvdGVz dGFwaS5tbQkod29ya2luZyBjb3B5KQpAQCAtODE0LDExICs4MTQsMjIgQEAgdm9pZCB0ZXN0T2Jq ZWN0aXZlQ0FQSSgpCiAKICAgICBAYXV0b3JlbGVhc2Vwb29sIHsKICAgICAgICAgSlNDb250ZXh0 ICpjb250ZXh0ID0gW1tKU0NvbnRleHQgYWxsb2NdIGluaXRdOwotICAgICAgICBUZXN0T2JqZWN0 ICp0ZXN0T2JqZWN0ID0gVGVzdE9iamVjdC50ZXN0T2JqZWN0OworICAgICAgICBUZXN0T2JqZWN0 ICp0ZXN0T2JqZWN0ID0gW1Rlc3RPYmplY3QgdGVzdE9iamVjdF07CiAgICAgICAgIGNvbnRleHRb QCJ0ZXN0T2JqZWN0Il0gPSB0ZXN0T2JqZWN0OwogICAgICAgICBbY29udGV4dCBldmFsdWF0ZVNj cmlwdDpAInRlc3RPYmplY3QuX19sb29rdXBHZXR0ZXJfXygndmFyaWFibGUnKS5jYWxsKHt9KSJd OwogICAgICAgICBjaGVja1Jlc3VsdChAIk1ha2Ugc3VyZSB3ZSB0aHJvdyBhbiBleGNlcHRpb24g d2hlbiBjYWxsaW5nIGdldHRlciBvbiBpbmNvcnJlY3QgfHRoaXN8IiwgY29udGV4dC5leGNlcHRp b24pOwogICAgIH0KKworICAgIEBhdXRvcmVsZWFzZXBvb2wgeworICAgICAgICBUZXN0T2JqZWN0 ICp0ZXN0T2JqZWN0ID0gW1Rlc3RPYmplY3QgdGVzdE9iamVjdF07CisgICAgICAgIEpTTWFuYWdl ZFZhbHVlICptYW5hZ2VkVGVzdE9iamVjdDsKKyAgICAgICAgQGF1dG9yZWxlYXNlcG9vbCB7Cisg ICAgICAgICAgICBKU0NvbnRleHQgKmNvbnRleHQgPSBbW0pTQ29udGV4dCBhbGxvY10gaW5pdF07 CisgICAgICAgICAgICBjb250ZXh0W0AidGVzdE9iamVjdCJdID0gdGVzdE9iamVjdDsKKyAgICAg ICAgICAgIG1hbmFnZWRUZXN0T2JqZWN0ID0gW0pTTWFuYWdlZFZhbHVlIG1hbmFnZWRWYWx1ZVdp dGhWYWx1ZTpjb250ZXh0W0AidGVzdE9iamVjdCJdXTsKKyAgICAgICAgICAgIFtjb250ZXh0LnZp cnR1YWxNYWNoaW5lIGFkZE1hbmFnZWRSZWZlcmVuY2U6bWFuYWdlZFRlc3RPYmplY3Qgd2l0aE93 bmVyOnRlc3RPYmplY3RdOworICAgICAgICB9CisgICAgfQogfQogCiAjZWxzZQo=