Summary: | Possible RetainPtr misuse in WKScriptMessage.mm - could leak
---|---
Product: | WebKit
Component: | WebKit2
Status: | RESOLVED FIXED
Severity: | Normal
Priority: | P2
Version: | 528+ (Nightly build)
Hardware: | Unspecified
OS: | Unspecified
Reporter: | Joseph Pecoraro <joepeck>
Assignee: | Nobody <webkit-unassigned>
CC: | andersca, commit-queue, joepeck, sam
Maybe id is always guaranteed to at least be an NSObject. In that case we can just adoptNS.

Created attachment 236957
[PATCH] Proposed Fix

This is an untested fix. Seeing as we are arbitrarily calling -copy, then -retain/-release should be fine for now.

Comment on attachment 236957
[PATCH] Proposed Fix

Clearing flags on attachment: 236957

Committed r172846: <http://trac.webkit.org/changeset/172846>

All reviewed patches have been landed. Closing bug.

RetainPtr<...>::operator= will +1. This looks like a possible missing adoptNS which could cause a leak:

> Source/WebKit2/UIProcess/API/Cocoa/WKScriptMessage.mm:47:5:
>     _body = [body copy];
>     ^

However, since _body is RetainPtr<id>, how does this even work? "id" doesn't necessarily respond to retain/release/copy. It looks like this could come from -[JSValue toObject] which returns id, but probably could return id<NSObject>.
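
The retain-count arithmetic behind this report, as an added example that is not part of the bug thread or of WebKit's code: a simplified C++ model in which assigning a +1 result to a retaining pointer leaves one object alive, while adopting it does not. `Obj`, `Retaining`, `adopt` and the two function names are constructed for illustration and only approximate Objective-C reference counting and RetainPtr.

```cpp
#include <cstdio>
// Constructed stand-in for an Objective-C object with a manual retain count.
struct Obj {
    static int live;                       // objects not yet deallocated
    int refs = 1;                          // creation hands the caller a +1 reference
    Obj() { ++live; }
    ~Obj() { --live; }
    void retain() { ++refs; }
    void release() { if (--refs == 0) delete this; }
    Obj* copy() const { return new Obj; }  // like -copy: result is already +1
};
int Obj::live = 0;

// Simplified retaining smart pointer (a model, not WTF::RetainPtr).
class Retaining {
    Obj* m_ptr = nullptr;
    void swapIn(Obj* p) { Obj* old = m_ptr; m_ptr = p; if (old) old->release(); }
public:
    Retaining() = default;
    Retaining(const Retaining&) = delete;
    Retaining& operator=(const Retaining&) = delete;
    ~Retaining() { swapIn(nullptr); }
    Retaining& operator=(Obj* p) { if (p) p->retain(); swapIn(p); return *this; }  // +1
    void adopt(Obj* p) { swapIn(p); }      // takes over the caller's +1, no retain
};

// Each function returns the number of objects still alive after the holder is gone.
int leakedAfterAssign() {
    int before = Obj::live;
    Obj* body = new Obj;
    Obj* copied = body->copy();            // refs == 1
    { Retaining holder; holder = copied; } // retain -> 2, destructor release -> 1
    body->release();
    int leaked = Obj::live - before;       // the copy is never deallocated
    copied->release();                     // the release the assigning code never sends
    return leaked;
}

int leakedAfterAdopt() {
    int before = Obj::live;
    Obj* body = new Obj;
    { Retaining holder; holder.adopt(body->copy()); }  // stays 1, destructor -> 0
    body->release();
    return Obj::live - before;
}
int main() {
    std::printf("assign: %d leaked, adopt: %d leaked\n", leakedAfterAssign(), leakedAfterAdopt());
    return 0;
}
```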