| Summary: | Leak of VectorBufferBase.m_buffer (16-64 bytes) under JSC::CompactVariableEnvironment in com.apple.WebKit.WebContent running layout tests | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | David Kilzer (:ddkilzer) <ddkilzer> |
| Component: | JavaScriptCore | Assignee: | David Kilzer (:ddkilzer) <ddkilzer> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | annulen, commit-queue, fpizlo, ggaren, joepeck, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Local Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Description
David Kilzer (:ddkilzer)
2019-01-08 15:56:39 PST
Created attachment 358646 [details]
Patch v1

Or, if we don't expect JSC::CompactVariableEnvironment to use any heap-allocated memory, then we need to set the size of the Vector<> instance variables as appropriate to prevent heap allocations.

Comment on attachment 358646 [details]
Patch v1

r=me

Comment on attachment 358646 [details]
Patch v1

Clearing flags on attachment: 358646
Committed r239755: <https://trac.webkit.org/changeset/239755>
All reviewed patches have been landed. Closing bug.

Comment on attachment 358646 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=358646&action=review

> Source/JavaScriptCore/parser/VariableEnvironment.cpp:182
> + delete m_environment;

Nice catch. (I can't believe I wrote that...)

Comment on attachment 358646 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=358646&action=review

>> Source/JavaScriptCore/parser/VariableEnvironment.cpp:182
>> + delete m_environment;
>
> Nice catch. (I can't believe I wrote that...)

If both Vector instance variables were allocated inline (and never had to be resized to use separate heap-allocated buffers), it would have worked. Maybe that was the case at some point in the past?
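Review bot: the one-line fix at VariableEnvironment.cpp:182, `+ delete m_environment;`, restores the missing release but leaves m_environment as an owning raw pointer, so nothing stops the same omission from recurring in a future edit of the destructor; holding it in a std::unique_ptr would make the release automatic. It is also worth confirming that no other path already deletes m_environment, since a second delete would turn the leak into a double free.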
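The leak pattern discussed in the comments above, as an added C++ example that is not WebKit's code: InlineVector is a constructed stand-in for a Vector with inline capacity, Environment is a hypothetical object reached through an owning m_environment pointer whose owner forgets to delete it, and FixedOwner is the same owner using std::unique_ptr. The global counter plays the role of the leak checker, and it shows why the leaked buffer only appears once a Vector has grown past its inline capacity, as the last comment points out.

```cpp
#include <cstddef>
#include <memory>

// Live heap-buffer count; stands in for the leak checker that reported VectorBufferBase.m_buffer (constructed).
static int g_liveHeapBuffers = 0;

// Minimal model of a Vector with inline capacity: elements stay in an inline array until growth moves them to a heap buffer.
template <typename T, size_t InlineCapacity>
class InlineVector {
public:
    InlineVector() = default;
    InlineVector(const InlineVector&) = delete; InlineVector& operator=(const InlineVector&) = delete;
    ~InlineVector() { releaseHeap(); }
    void append(T v) { if (m_size == m_capacity) grow(); data()[m_size++] = v; }
private:
    T* data() { return m_heap ? m_heap : m_inline; }
    void releaseHeap() { if (m_heap) { delete[] m_heap; m_heap = nullptr; --g_liveHeapBuffers; } }
    void grow() {
        T* buf = new T[m_capacity * 2];   // first growth leaves the inline storage behind
        ++g_liveHeapBuffers;
        for (size_t i = 0; i < m_size; ++i) buf[i] = data()[i];
        releaseHeap();
        m_heap = buf;
        m_capacity *= 2;
    }
    T m_inline[InlineCapacity];
    T* m_heap = nullptr;
    size_t m_size = 0, m_capacity = InlineCapacity;
};

// Hypothetical stand-in for the object reached through m_environment.
struct Environment { InlineVector<int, 4> variables; };
static void addVariables(Environment& env, size_t n) { for (size_t i = 0; i < n; ++i) env.variables.append(int(i)); }

// Before: owning raw pointer and no delete in the destructor (the bug pattern).
struct LeakyOwner { Environment* m_environment = new Environment; };
// After: ownership expressed with unique_ptr, so the release cannot be forgotten.
struct FixedOwner { std::unique_ptr<Environment> m_environment{new Environment}; };

// Heap buffers still alive after an owner holding `count` variables is destroyed.
int leakedByRawPointer(size_t count) {
    g_liveHeapBuffers = 0;
    Environment* escaped = nullptr;  // kept only so this example can free the leak afterwards
    { LeakyOwner owner; escaped = owner.m_environment; addVariables(*escaped, count); }
    int leaked = g_liveHeapBuffers;
    delete escaped;
    return leaked;
}
int leakedByUniquePtr(size_t count) {
    g_liveHeapBuffers = 0;
    { FixedOwner owner; addVariables(*owner.m_environment, count); }
    return g_liveHeapBuffers;
}
```

With four or fewer variables the raw-pointer owner still leaks the Environment object itself, but no Vector buffer, which is why a checker keyed on VectorBufferBase.m_buffer would stay silent until the Vector grows.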