Bug 62052

Summary: Make the destructors of DataTransferItem and DataTransferItems virtual
Product: WebKit Reporter: Nico Weber <thakis>
Component: New BugsAssignee: Nico Weber <thakis>
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, commit-queue
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Nico Weber
Reported 2011-06-03 14:04:09 PDT
Make the destructors of DataTransferItem and DataTransferItems virtual
Attachments
Patch (2.35 KB, patch)
2011-06-03 14:07 PDT, Nico Weber 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Nico Weber
Comment 1 2011-06-03 14:07:21 PDT
Created attachment 95960 [details] Patch
Nico Weber
Comment 2 2011-06-03 14:14:46 PDT
Yes, this is a real bug in this case: In file included from third_party/WebKit/Source/WebCore/html/canvas/ArrayBufferView.h:29: In file included from third_party/WebKit/Source/WebCore/html/canvas/ArrayBuffer.h:30: third_party/WebKit/Source/JavaScriptCore/wtf/RefCounted.h:141:13:error: delete called on 'WebCore::DataTransferItem' that has virtual functions but non-virtual destructor [-Werror,-Wdelete-non-virtual-dtor] delete static_cast<T*>(this); ^ third_party/WebKit/Source/JavaScriptCore/wtf/PassRefPtr.h:59:18: note: in instantiation of member function 'WTF::RefCounted<WebCore::DataTransferItem>::deref' requested here ptr->deref(); ^ third_party/WebKit/Source/JavaScriptCore/wtf/RefPtr.h:58:35: note: in instantiation of function template specialization 'WTF::derefIfNotNull<WebCore::DataTransferItem>' requested here ALWAYS_INLINE ~RefPtr() { derefIfNotNull(m_ptr); } ^ third_party/WebKit/Source/JavaScriptCore/wtf/Vector.h:80:23: note: in instantiation of member function 'WTF::RefPtr<WebCore::DataTransferItem>::~RefPtr' requested here cur->~T(); ^ third_party/WebKit/Source/JavaScriptCore/wtf/Vector.h:239:69: note: in instantiation of member function 'WTF::VectorDestructor<true, WTF::RefPtr<WebCore::DataTransferItem> >::destruct' requested here VectorDestructor<VectorTraits<T>::needsDestruction, T>::destruct(begin, end); ^ third_party/WebKit/Source/JavaScriptCore/wtf/Vector.h:860:25: note: in instantiation of member function 'WTF::VectorTypeOperations<WTF::RefPtr<WebCore::DataTransferItem> >::destruct' requested here TypeOperations::destruct(begin() + size, end()); ^ third_party/WebKit/Source/JavaScriptCore/wtf/Vector.h:520:25: note: in instantiation of member function 'WTF::Vector<WTF::RefPtr<WebCore::DataTransferItem>, 0>::shrink' requested here if (m_size) shrink(0); ^ third_party/WebKit/Source/WebCore/dom/DataTransferItems.h:48:5: note: in instantiation of member function 'WTF::Vector<WTF::RefPtr<WebCore::DataTransferItem>, 0>::~Vector' requested here ~DataTransferItems() {} ^ The item is added with m_items.append(DataTransferItem::create(m_owner, m_context, data, type)); and that returns a polymorphic object, at least with the chromium port (DataTransferItemChromium::create, http://codesearch.google.com/codesearch/p?hl=en#OAMlx_jo-ck/src/third_party/WebKit/Source/WebCore/platform/chromium/DataTransferItemChromium.cpp&q=DataTransferItemChromium::create&exact_package=chromium&l=57 )
WebKit Commit Bot
Comment 3 2011-06-04 02:05:51 PDT
Comment on attachment 95960 [details] Patch Clearing flags on attachment: 95960 Committed r88099: <http://trac.webkit.org/changeset/88099>
WebKit Commit Bot
Comment 4 2011-06-04 02:05:55 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.