27211 2009-07-13 04:58:53 -0700 fastMalloc and fastFree mismatch correction 2009-08-24 10:55:41 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) PC All RESOLVED DUPLICATE 25930 P2 Normal --- 0 zoltan webkit-unassigned darin kbalazs oldest_to_newest 131297 0 zoltan 2009-07-13 04:58:53 -0700 An array in CSSSelectorList.cpp has been allocated with fastMalloc and freed with delete instead of fastFree. fastFree should be called to match fastMalloc and fastFree. (It is very important for custom allocation framework.) 131298 1 32657 zoltan 2009-07-13 05:04:12 -0700 Created attachment 32657 proposed patch 131345 2 darin 2009-07-13 10:31:15 -0700 There’s been a lot of back and forth about this in another bug. This is not the correct fix -- it's hard to find the correct fix. I'll have to find the other bug for you. 131346 3 darin 2009-07-13 10:31:51 -0700 *** This bug has been marked as a duplicate of bug 25930 *** 142307 4 kbalazs 2009-08-24 07:27:51 -0700 I think there is no problem freeing with fastFree here, since Vector allocates it's storage with fastMalloc. What have I missed? 142331 5 darin 2009-08-24 10:55:41 -0700 (In reply to comment #4) > I think there is no problem freeing with fastFree here, since Vector allocates > it's storage with fastMalloc. What have I missed? How Vector allocates its storage is irrelevant, since is not the vector storage being freed. The vector storage is a pointer in selectorVector.m_buffer.m_buffer. What's being freed here is selectorVector[i]. If you trace the flow of the code back you'll see that it's a CSSSelector object that was allocated by the CSSParser::createFloatingSelector function. 32657 2009-07-13 05:04:12 -0700 2009-07-13 10:32:02 -0700 proposed patch CSSSelectorList.patch text/plain 1843 zoltan SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA0NTgxNCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTcgQEAKKzIwMDktMDctMTMgIFpvbHRhbiBIb3J2YXRoICA8aHpvbHRhbkBpbmYu dS1zemVnZWQuaHU+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgQ29ycmVjdGlvbiBvZiBmYXN0TWFsbG9jIGFuZCBmYXN0RnJlZSBtaXNtYXRjaCBpbiBD U1NTZWxlY3Rvckxpc3QuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD0yNzIxMQorCisgICAgICAgIEFuIGFycmF5IGluIENTU1NlbGVjdG9yTGlzdC5jcHAg aGFzIGJlZW4gYWxsb2NhdGVkIHdpdGggZmFzdE1hbGxvYyAKKyAgICAgICAgYW5kIGZyZWVkIHdp dGggZGVsZXRlIGluc3RlYWQgb2YgZmFzdEZyZWUuCisgICAgICAgIE9wZXJhdG9yIGRlbGV0ZSBo YXMgYmVlbiBjaGFuZ2VkIHRvIGZhc3RGcmVlIC4KKworICAgICAgICAqIGNzcy9DU1NTZWxlY3Rv ckxpc3QuY3BwOgorICAgICAgICAoV2ViQ29yZTo6Q1NTU2VsZWN0b3JMaXN0OjphZG9wdFNlbGVj dG9yVmVjdG9yKToKKwogMjAwOS0wNy0xMyAgU2ltb24gSGF1c21hbm4gIDxoYXVzbWFubkB3ZWJr aXQub3JnPgogCiAgICAgICAgIFJldmlld2VkIGJ5IEFyaXlhIEhpZGF5YXQuCkluZGV4OiBXZWJD b3JlL2Nzcy9DU1NTZWxlY3Rvckxpc3QuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvY3NzL0NT U1NlbGVjdG9yTGlzdC5jcHAJKHJldmlzaW9uIDQ1ODE0KQorKysgV2ViQ29yZS9jc3MvQ1NTU2Vs ZWN0b3JMaXN0LmNwcAkod29ya2luZyBjb3B5KQpAQCAtNTUsMTEgKzU1LDcgQEAgdm9pZCBDU1NT ZWxlY3Rvckxpc3Q6OmFkb3B0U2VsZWN0b3JWZWN0bwogICAgIG1fc2VsZWN0b3JBcnJheSA9IHJl aW50ZXJwcmV0X2Nhc3Q8Q1NTU2VsZWN0b3IqPihmYXN0TWFsbG9jKHNpemVvZihDU1NTZWxlY3Rv cikgKiBzZWxlY3RvclZlY3Rvci5zaXplKCkpKTsKICAgICBmb3IgKHNpemVfdCBpID0gMDsgaSA8 IHNpemU7ICsraSkgewogICAgICAgICBtZW1jcHkoJm1fc2VsZWN0b3JBcnJheVtpXSwgc2VsZWN0 b3JWZWN0b3JbaV0sIHNpemVvZihDU1NTZWxlY3RvcikpOwotICAgICAgICAvLyBXZSB3YW50IHRv IGZyZWUgdGhlIG1lbW9yeSAod2hpY2ggd2FzIGFsbG9jYXRlZCB3aXRoIG5ldyksIGJ1dCB3ZQot ICAgICAgICAvLyBkb24ndCB3YW50IHRoZSBkZXN0cnVjdG9yIHRvIHJ1biBzaW5jZSBpdCB3aWxs IGFmZmVjdCB0aGUgY29weQotICAgICAgICAvLyB3ZSd2ZSBqdXN0IG1hZGUuIEluIHRoZW9yeSB0 aGlzIGlzIHVuZGVmaW5lZCwgYnV0IG9wZXJhdG9yIGRlbGV0ZQotICAgICAgICAvLyBpcyBvbmx5 IGRlZmluZWQgdGFraW5nIGEgdm9pZCosIHNvIGluIHByYWN0aWNlIGl0IHNob3VsZCBiZSBvay4K LSAgICAgICAgZGVsZXRlIHJlaW50ZXJwcmV0X2Nhc3Q8Y2hhcio+KHNlbGVjdG9yVmVjdG9yW2ld KTsKKyAgICAgICAgZmFzdEZyZWUocmVpbnRlcnByZXRfY2FzdDxjaGFyKj4oc2VsZWN0b3JWZWN0 b3JbaV0pKTsKICAgICAgICAgQVNTRVJUKCFtX3NlbGVjdG9yQXJyYXlbaV0uaXNMYXN0SW5TZWxl Y3Rvckxpc3QoKSk7CiAgICAgfQogICAgIG1fc2VsZWN0b3JBcnJheVtzaXplIC0gMV0uc2V0TGFz dEluU2VsZWN0b3JMaXN0KCk7Cg==