WebKit Bugzilla
Bug 112832 - Objective-C API: Fix over-releasing in allocateConstructorAndPrototypeWithSuperClassInfo:
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=112832
Reported by Mark Hahnenberg, 2013-03-20 13:25:51 PDT
If either the m_constructor or m_prototype (but not both) is collected, we will call allocateConstructorAndPrototypeWithSuperClassInfo, which will create a new object to replace the one that was collected, but at the end of the method we call release on both of them. This is incorrect since we autorelease the JSValue in the case that the object doesn't need to be reallocated. Thus we'll end up overreleasing later during the drain of the autorelease pool.
Attachments
Patch (3.52 KB, patch), 2013-03-20 13:49 PDT, Mark Hahnenberg, ggaren: review+
Mark Hahnenberg, Comment 1, 2013-03-20 13:49:24 PDT
Created attachment 194111: Patch
Mark Hahnenberg, Comment 2, 2013-03-20 13:53:12 PDT
<rdar://problem/13465627>
Geoffrey Garen, Comment 3, 2013-03-20 13:57:53 PDT
Comment on attachment 194111: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=194111&action=review
r=me
> Source/JavaScriptCore/ChangeLog:15 > + (createObjectWithCustomBrand): We no longer alloc here. We instead call the JSValue valueWithValue class method,
"create" is a term of art for returning a +1 retained object. Since you're changing this function to return an autoreleased object, you should rename it to "objectWithCustomBrand".
Mark Hahnenberg, Comment 4, 2013-03-20 14:44:17 PDT
Committed r146392: <http://trac.webkit.org/changeset/146392>
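The ownership mismatch described in the report, and the +1 versus autoreleased naming point from comment 3, as an added example that is not taken from the patch or from JavaScriptCore: a toy C model of retain counts and an autorelease pool. All names here (Obj, create_obj, autoreleased_obj, over_releases) are hypothetical, and the "fixed" branch is only one consistent-ownership arrangement assumed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model of Cocoa manual retain/release. Constructed for illustration. */
typedef struct { int refs; int over_released; } Obj;

static Obj *pool[8];          /* releases deferred until the pool drains */
static size_t pool_len;

static void obj_release(Obj *o) {
    if (o->refs == 0) { o->over_released++; return; } /* real code: message to a freed object */
    o->refs--;
}
static void pool_drain(void) {
    for (size_t i = 0; i < pool_len; i++) obj_release(pool[i]);
    pool_len = 0;
}
/* "create"/alloc style: caller owns the result (+1) and must release it. */
static Obj *create_obj(Obj *o) { o->refs = 1; o->over_released = 0; return o; }
/* Convenience-constructor style: the pool owns the result; caller must NOT release it. */
static Obj *autoreleased_obj(Obj *o) { create_obj(o); pool[pool_len++] = o; return o; }

/* Returns how many over-releases have occurred once the pool has drained.
   *_collected: that slot was garbage collected and has to be reallocated. */
static int over_releases(int ctor_collected, int proto_collected, int fixed) {
    Obj ctor, proto;
    pool_len = 0;
    if (fixed) {
        /* Consistent ownership: both paths are pool-owned, no explicit release. */
        autoreleased_obj(&ctor);
        autoreleased_obj(&proto);
    } else {
        /* Mixed ownership: reallocated slot is +1, surviving slot is autoreleased. */
        if (ctor_collected) create_obj(&ctor); else autoreleased_obj(&ctor);
        if (proto_collected) create_obj(&proto); else autoreleased_obj(&proto);
        obj_release(&ctor);   /* unconditional release: right only for a +1 object */
        obj_release(&proto);
    }
    pool_drain();             /* the extra release surfaces here, not at the call site */
    return ctor.over_released + proto.over_released;
}

int main(void) {
    printf("mixed, ctor collected:  %d\n", over_releases(1, 0, 0));
    printf("mixed, both collected:  %d\n", over_releases(1, 1, 0));
    printf("consistent ownership:   %d\n", over_releases(1, 0, 1));
    return 0;
}
```

In the model, the extra release is only counted when the pool drains, which matches the report's point that the failure shows up later than the code that caused it.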