127072 2014-01-15 16:07:16 -0800 Don't autorelease wrapper object (WebProcessPlugInScriptWorld) for InjectedBundleScriptWorld::normalWorld(). 2014-01-15 18:00:18 -0800 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 yongjun_zhang webkit-unassigned andersca commit-queue ggaren mitz sam oldest_to_newest 968511 0 yongjun_zhang 2014-01-15 16:07:16 -0800 InjectedBundleScriptWorld::normalWorld() returns a static InjectedBundleScriptWorld, autoreleasing its wrapper object could cause dangling pointer to InjectedBundleScriptWorld and crash. 968512 1 yongjun_zhang 2014-01-15 16:08:33 -0800 This is referring to the method [WKWebProcessPlugInScriptWorld normalWorld]: + (WKWebProcessPlugInScriptWorld *)normalWorld { return [wrapper(*InjectedBundleScriptWorld::normalWorld()) autorelease]; } 968513 2 221313 yongjun_zhang 2014-01-15 16:14:45 -0800 Created attachment 221313 Patch. 968537 3 221313 ggaren 2014-01-15 17:18:40 -0800 Comment on attachment 221313 Patch. What about all the other uses of the "[wrapper(X) autorelease]" idiom, like the "world" selector in the same file, and a bunch of others? 968539 4 ggaren 2014-01-15 17:21:26 -0800 (In reply to comment #3) > (From update of attachment 221313 [details]) > What about all the other uses of the "[wrapper(X) autorelease]" idiom, like the "world" selector in the same file, and a bunch of others? I see. In all other cases, we only autorelease after allocating or ref-ing. 968540 5 221313 ggaren 2014-01-15 17:21:42 -0800 Comment on attachment 221313 Patch. r=me Sadly, I am not a WK2 owner :(. 968541 6 mitz 2014-01-15 17:23:26 -0800 r=me too 968551 7 221313 commit-queue 2014-01-15 18:00:16 -0800 Comment on attachment 221313 Patch. Clearing flags on attachment: 221313 Committed r162106: <http://trac.webkit.org/changeset/162106> 968552 8 commit-queue 2014-01-15 18:00:18 -0800 All reviewed patches have been landed. Closing bug. 221313 2014-01-15 16:14:45 -0800 2014-01-15 18:00:16 -0800 Patch. autorelease_wkWebProcessPlugInScriptWorld.patch text/plain 1593 yongjun_zhang SW5kZXg6IFNvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi S2l0Mi9DaGFuZ2VMb2cJKHJldmlzaW9uIDE2MjEwMSkKKysrIFNvdXJjZS9XZWJLaXQyL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBACisyMDE0LTAxLTE1ICBZb25nanVu IFpoYW5nICA8eW9uZ2p1bl96aGFuZ0BhcHBsZS5jb20+CisKKyAgICAgICAgaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEyNzA3MgorICAgICAgICBEb24ndCBhdXRvcmVs ZWFzZSB3cmFwcGVyIG9iamVjdCAoV2ViUHJvY2Vzc1BsdWdJblNjcmlwdFdvcmxkKSBmb3IgSW5q ZWN0ZWRCdW5kbGVTY3JpcHRXb3JsZDo6bm9ybWFsV29ybGQoKS4KKworICAgICAgICBSZXZpZXdl ZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBJbiBbV0tXZWJQcm9jZXNzUGx1Z0luU2Ny aXB0V29ybGQgbm9ybWFsV29ybGRdLCBJbmplY3RlZEJ1bmRsZVNjcmlwdFdvcmxkOjpub3JtYWxX b3JsZCgpIHJldHVybnMgYSBzdGF0aWMKKyAgICAgICAgaW5zdGFuY2UsICBhdXRvcmVsZWFzaW5n IGl0cyB3cmFwcGVyIG9iamVjdCBjb3VsZCBjYXVzZSBhIGRhbmdsaW5nIHBvaW50ZXIgYW5kIGNy YXNoIGxhdGVyLgorCisgICAgICAgICogV2ViUHJvY2Vzcy9JbmplY3RlZEJ1bmRsZS9BUEkvQ29j b2EvV0tXZWJQcm9jZXNzUGx1Z0luU2NyaXB0V29ybGQubW06CisgICAgICAgICgrW1dLV2ViUHJv Y2Vzc1BsdWdJblNjcmlwdFdvcmxkIG5vcm1hbFdvcmxkXSk6CisKIDIwMTQtMDEtMTUgIFlvbmdq dW4gWmhhbmcgIDx5b25nanVuX3poYW5nQGFwcGxlLmNvbT4KIAogICAgICAgICBodHRwczovL2J1 Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTI3MDY2CkluZGV4OiBTb3VyY2UvV2ViS2l0 Mi9XZWJQcm9jZXNzL0luamVjdGVkQnVuZGxlL0FQSS9Db2NvYS9XS1dlYlByb2Nlc3NQbHVnSW5T Y3JpcHRXb3JsZC5tbQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL0lu amVjdGVkQnVuZGxlL0FQSS9Db2NvYS9XS1dlYlByb2Nlc3NQbHVnSW5TY3JpcHRXb3JsZC5tbQko cmV2aXNpb24gMTYyMTAxKQorKysgU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9JbmplY3RlZEJ1 bmRsZS9BUEkvQ29jb2EvV0tXZWJQcm9jZXNzUGx1Z0luU2NyaXB0V29ybGQubW0JKHdvcmtpbmcg Y29weSkKQEAgLTQyLDcgKzQyLDcgQEAgKyAoV0tXZWJQcm9jZXNzUGx1Z0luU2NyaXB0V29ybGQg Kil3b3JsZAogCiArIChXS1dlYlByb2Nlc3NQbHVnSW5TY3JpcHRXb3JsZCAqKW5vcm1hbFdvcmxk CiB7Ci0gICAgcmV0dXJuIFt3cmFwcGVyKCpJbmplY3RlZEJ1bmRsZVNjcmlwdFdvcmxkOjpub3Jt YWxXb3JsZCgpKSBhdXRvcmVsZWFzZV07CisgICAgcmV0dXJuIHdyYXBwZXIoKkluamVjdGVkQnVu ZGxlU2NyaXB0V29ybGQ6Om5vcm1hbFdvcmxkKCkpOwogfQogCiAtICh2b2lkKWRlYWxsb2MK