Bug 121291

Summary: OwnArrayPtr: Never allow implicit pointer conversion
Product: WebKit
Component: Web Template Framework
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Reporter: Mikhail Pozdnyakov <mikhail.pozdnyakov>
Assignee: Mikhail Pozdnyakov <mikhail.pozdnyakov>
CC: andersca, benjamin, cmarcelo, commit-queue, darin, kling, koivisto
Attachments:
Description Flags
patch none

Mikhail Pozdnyakov
Reported 2013-09-13 04:41:58 PDT
We should never allow implicit pointer conversion in OwnArrayPtr (remove template copy constructor & template assignment operator), as:
1) it is never used (no surprise :) )
2) It's inappropriate to have, as arrays do not interact well with polymorphism.

The following example illustrates a possible problem:

    OwnArrayPtr<Base> ptr = adoptArrayPtr(new Derived[10]); // sizeof(Derived) > sizeof(Base)
    for (int i = 0; i < 10; ++i) {
        ptr[i].func(); // Crashes here.
    }

The crash is because sizeof(Base) is used inside OwnArrayPtr::operator[] to access an element by index.
Attachments
patch (2.37 KB, patch)
2013-09-13 04:49 PDT, Mikhail Pozdnyakov
no flags
Mikhail Pozdnyakov
Comment 1 2013-09-13 04:49:37 PDT
Anders Carlsson
Comment 2 2013-09-13 08:02:32 PDT
Comment on attachment 211538 (patch)

Nice! (We've been talking about replacing uses of OwnArrayPtr<T> with std::unique_ptr<T[]> instead, if that's something you want to explore later!)
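
The stride mismatch from the report and the compile-time rejection that std::unique_ptr<T[]> (named in comment 2) gives, as an added C++ example that is not part of this bug thread or of WebKit's code. Base, Derived, whereBaseIndexLands and sumViaExactType are constructed names, and the code only computes offsets instead of performing the invalid access.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <type_traits>

// Constructed types for illustration: Derived is larger than Base, as in the report.
struct Base {
    int id = 0;
    virtual ~Base() = default;
    virtual int func() const { return id; }
};
struct Derived : Base {
    long extra[4] = {};
    int func() const override { return id + 1000; }
};
static_assert(sizeof(Derived) > sizeof(Base), "precondition of the report");

// Where "ptr[i]" lands when a Derived[] is indexed through a Base-typed pointer:
// operator[] advances i * sizeof(Base) bytes, but elements are sizeof(Derived) apart.
struct Landing { std::size_t element; std::size_t offsetInside; };
Landing whereBaseIndexLands(std::size_t i) {
    std::size_t byteOffset = i * sizeof(Base);
    return { byteOffset / sizeof(Derived), byteOffset % sizeof(Derived) };
}

// std::unique_ptr<T[]> rejects the derived-to-base array conversion at compile time...
static_assert(!std::is_convertible<std::unique_ptr<Derived[]>, std::unique_ptr<Base[]>>::value, "array form must not convert");
static_assert(!std::is_constructible<std::unique_ptr<Base[]>, Derived*>::value, "Derived* must not be adopted as Base[]");
// ...while the single-object form, where no indexing is involved, still converts.
static_assert(std::is_convertible<std::unique_ptr<Derived>, std::unique_ptr<Base>>::value, "single object converts");

// Correct usage: keep the element type exact so indexing uses sizeof(Derived).
int sumViaExactType(std::size_t n) {
    std::unique_ptr<Derived[]> arr(new Derived[n]);
    int sum = 0;
    for (std::size_t i = 0; i < n; ++i) {
        arr[i].id = static_cast<int>(i);
        sum += arr[i].func();
    }
    return sum;
}

int main() {
    Landing l = whereBaseIndexLands(1);
    std::printf("Base-typed ptr[1] lands in element %zu at byte %zu\n", l.element, l.offsetInside);
    std::printf("sum via unique_ptr<Derived[]>: %d\n", sumViaExactType(3));
    return 0;
}
```

A non-zero offsetInside for index 1 means the Base-typed access would read the middle of element 0, so the virtual call goes through whatever bytes happen to be there.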
WebKit Commit Bot
Comment 3 2013-09-13 08:24:56 PDT
Comment on attachment 211538 (patch)

Clearing flags on attachment: 211538

Committed r155701: <http://trac.webkit.org/changeset/155701>
WebKit Commit Bot
Comment 4 2013-09-13 08:24:59 PDT
All reviewed patches have been landed. Closing bug.