20169 2008-07-25 03:59:03 -0700 Memory allocated with fastMalloc is freed with delete 2008-07-29 22:53:21 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) PC Linux RESOLVED FIXED P2 Minor --- 1 siket ap oldest_to_newest 86936 0 siket 2008-07-25 03:59:03 -0700 We analyzed WebKit (r35249, qt-linux) with Valgrind and found that memory allocated with fastMalloc is freed with delete. WebKit\JavaScriptCore\wtf\Vector.h file contains the allocation in the following function: inline T* Vector<T, inlineCapacity>::releaseBuffer() { T* buffer = m_buffer.releaseBuffer(); if (inlineCapacity && !buffer && m_size) { // If the vector had some data, but no buffer to release, // that means it was using the inline buffer. In that case, // we create a brand new buffer so the caller always gets one. size_t bytes = m_size * sizeof(T); buffer = static_cast<T*>(fastMalloc(bytes)); memcpy(buffer, data(), bytes); } ASSERT(buffer); m_size = 0; return buffer; } And the memory is freed in WebKit\JavaScriptCore\VM\JSPropertyNameIterator.cpp file, in the following function: void JSPropertyNameIterator::invalidate() { delete m_propertyNames; m_object = 0; m_propertyNames = 0; } 86939 1 22473 ap 2008-07-25 06:53:52 -0700 Created attachment 22473 proposed fix Now, here's some seriously ugly code... I blame whoever implemented PropertyNameArray::releaseIdentifiers() :) 87270 2 22473 sam 2008-07-29 10:00:01 -0700 Comment on attachment 22473 proposed fix typo in the ChangeLog, you mean "Delete the array by calling *invalidata()*" 87363 3 ap 2008-07-29 22:53:21 -0700 Committed revision 35439. 22473 2008-07-25 06:53:52 -0700 2008-07-29 10:00:01 -0700 proposed fix 20169r1_patch.txt text/plain 1558 ap SW5kZXg6IEphdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBKYXZhU2NyaXB0 Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDM1MzQyKQorKysgSmF2YVNjcmlwdENvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTUgQEAKKzIwMDgtMDctMjUgIEFsZXhleSBQ cm9za3VyeWFrb3YgIDxhcEB3ZWJraXQub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD0yMDE2OQorICAgICAgICBNZW1vcnkgYWxsb2NhdGVkIHdpdGggZmFzdE1hbGxvYyBpcyBm cmVlZCB3aXRoIGRlbGV0ZQorCisgICAgICAgICogVk0vSlNQcm9wZXJ0eU5hbWVJdGVyYXRvci5j cHA6CisgICAgICAgIChLSlM6OkpTUHJvcGVydHlOYW1lSXRlcmF0b3I6OmludmFsaWRhdGUpOiBG cmVlIHRoZSBhcnJheSBwcm9wZXJseS4KKyAgICAgICAgKEtKUzo6SlNQcm9wZXJ0eU5hbWVJdGVy YXRvcjo6fkpTUHJvcGVydHlOYW1lSXRlcmF0b3IpOiBEZWxldGUgdGhlIGFycmF5IGJ5IGNhbGxp bmcKKyAgICAgICAgdmFsaWRhdGUoKS4KKwogMjAwOC0wNy0yNSAgQWxleGV5IFByb3NrdXJ5YWtv diAgPGFwQHdlYmtpdC5vcmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgU2ltb24gSGF1c21hbm4u CkluZGV4OiBKYXZhU2NyaXB0Q29yZS9WTS9KU1Byb3BlcnR5TmFtZUl0ZXJhdG9yLmNwcAo9PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09Ci0tLSBKYXZhU2NyaXB0Q29yZS9WTS9KU1Byb3BlcnR5TmFtZUl0ZXJhdG9yLmNwcAko cmV2aXNpb24gMzUzMzgpCisrKyBKYXZhU2NyaXB0Q29yZS9WTS9KU1Byb3BlcnR5TmFtZUl0ZXJh dG9yLmNwcAkod29ya2luZyBjb3B5KQpAQCAtNjAsNyArNjAsNyBAQCBKU1Byb3BlcnR5TmFtZUl0 ZXJhdG9yOjpKU1Byb3BlcnR5TmFtZUl0CiAKIEpTUHJvcGVydHlOYW1lSXRlcmF0b3I6On5KU1By b3BlcnR5TmFtZUl0ZXJhdG9yKCkKIHsKLSAgICBkZWxldGUgbV9wcm9wZXJ0eU5hbWVzOworICAg IGludmFsaWRhdGUoKTsKIH0KIAogSlNUeXBlIEpTUHJvcGVydHlOYW1lSXRlcmF0b3I6OnR5cGUo KSBjb25zdApAQCAtMTI0LDcgKzEyNCwxMSBAQCBKU1ZhbHVlKiBKU1Byb3BlcnR5TmFtZUl0ZXJh dG9yOjpuZXh0KEV4CiAKIHZvaWQgSlNQcm9wZXJ0eU5hbWVJdGVyYXRvcjo6aW52YWxpZGF0ZSgp CiB7Ci0gICAgZGVsZXRlIG1fcHJvcGVydHlOYW1lczsKKyAgICBpZiAobV9wcm9wZXJ0eU5hbWVz KSB7CisgICAgICAgIGZvciAoSWRlbnRpZmllciogcCA9IG1fcHJvcGVydHlOYW1lczsgcCAhPSBt X2VuZDsgKytwKQorICAgICAgICAgICAgcC0+fklkZW50aWZpZXIoKTsKKyAgICAgICAgZmFzdEZy ZWUobV9wcm9wZXJ0eU5hbWVzKTsKKyAgICB9CiAgICAgbV9vYmplY3QgPSAwOwogICAgIG1fcHJv cGVydHlOYW1lcyA9IDA7CiB9Cg==