Bug 213165

Summary: Fix Overrelease in makeFailureSetForAllTextManipulationItems
Product: WebKit
Reporter: Richard Houle <rhoule>
Component: WebKit2
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Critical
CC: darin, rniwa, webkit-bug-importer, wenson_hsieh
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Description | Flags
Proposed fix V1 | wenson_hsieh: review+
Proposed Fix V2 | none

Description Richard Houle 2020-06-13 09:32:18 PDT
The following line of code in Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:

     RetainPtr<NSMutableArray> wkFailures = adoptNS([[[NSMutableArray alloc] initWithCapacity:items.count] autorelease]);

causes an overrelease when the autorelease pool is drained.
Comment 1 Richard Houle 2020-06-13 09:38:00 PDT
Created attachment 401838 [details]
Proposed fix V1
Comment 2 Wenson Hsieh 2020-06-13 11:12:42 PDT
Comment on attachment 401838 [details]
Proposed fix V1

Good catch!
Comment 3 Wenson Hsieh 2020-06-13 11:14:24 PDT
Comment on attachment 401838 [details]
Proposed fix V1

View in context: https://bugs.webkit.org/attachment.cgi?id=401838&action=review

> Source/WebKit/ChangeLog:3
> +        https://bugs.webkit.org/show_bug.cgi?id=213165

The fix looks good to me, but please add the bug title here as well.
Comment 4 Richard Houle 2020-06-13 11:44:40 PDT
Created attachment 401846 [details]
Proposed Fix V2
Comment 5 EWS 2020-06-13 12:06:29 PDT
Committed r263004: <https://trac.webkit.org/changeset/263004>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 401846 [details].
Comment 6 Radar WebKit Bug Importer 2020-06-13 12:07:16 PDT
<rdar://problem/64331098>
Comment 7 Darin Adler 2020-06-13 14:02:31 PDT
Someone should grep "adopt.+autorelease" across the whole source tree to see if we made the identical mistake in the exact same way elsewhere. I’d do it myself if I had source checked out on a readily accessible computer, but that might not happen for a few days.
Comment 8 Richard Houle 2020-06-13 14:03:55 PDT
I did grep the entire tree.

This was the only problematic entry.
Comment 9 Darin Adler 2020-06-13 14:05:27 PDT
(In reply to Richard Houle from comment #8)
> I did grep the entire tree.

Great. Thanks!
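
The tree-wide search suggested in comment 7, as an added example that is not part of the original thread or of WebKit's tooling: adoptNS takes over an existing +1 reference without retaining it, so adopting an autoreleased object means both the RetainPtr and the autorelease pool release the same reference. This Python scan flags adoptNS/adoptCF calls whose argument is autoreleased, including calls split across lines that a line-based grep would miss; the function names are hypothetical and the sample input is constructed apart from the line quoted in the description.

```python
import re

# Start of an adopting call; adoptNS and adoptCF take over a +1 reference
# without retaining it.
ADOPT_CALL = re.compile(r"\badopt(?:NS|CF)\s*\(")
# An Objective-C autorelease message send, e.g. "[obj autorelease]".
AUTORELEASE = re.compile(r"\bautorelease\s*\]")


def adopt_argument(source, open_paren):
    """Return the text between the parenthesis at open_paren and its match."""
    depth = 0
    for i in range(open_paren, len(source)):
        if source[i] == "(":
            depth += 1
        elif source[i] == ")":
            depth -= 1
            if depth == 0:
                return source[open_paren + 1:i]
    return source[open_paren + 1:]  # unbalanced: scan to end of text


def find_adopted_autoreleases(source):
    """Return (line_number, argument) for adopt calls with an autoreleased argument."""
    findings = []
    for match in ADOPT_CALL.finditer(source):
        argument = adopt_argument(source, match.end() - 1)
        if AUTORELEASE.search(argument):
            line = source.count("\n", 0, match.start()) + 1
            findings.append((line, " ".join(argument.split())))
    return findings


# Constructed sample input; only the first line is the one quoted in the bug.
SAMPLE = """\
RetainPtr<NSMutableArray> wkFailures = adoptNS([[[NSMutableArray alloc] initWithCapacity:items.count] autorelease]);
auto ok = adoptNS([[NSMutableArray alloc] initWithCapacity:items.count]);
auto split = adoptNS([[[NSString alloc]
    initWithFormat:@"%d", 1] autorelease]);
auto fine = adoptNS([[NSObject alloc] init]); return [other autorelease];
"""

if __name__ == "__main__":
    for line, argument in find_adopted_autoreleases(SAMPLE):
        print(f"line {line}: adopt call wraps an autoreleased object: {argument}")
```

Only the argument of the adopt call is inspected, so the last sample line, where an unrelated autorelease follows on the same line, is not reported even though it matches "adopt.+autorelease".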