Bug 115933 - [WK2] CRASH: EXC_BAD_ACCESS crash in WKContextGetInfoForInstalledPlugIns when the dispatch block is destroyed
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: 528+ (Nightly build)
Hardware: Mac All
Importance: P1 Blocker
Assignee: Nobody
Reported: 2013-05-10 13:57 PDT by Remy Demarest
Modified: 2013-05-10 17:56 PDT

Attachments
Patch (2.46 KB, patch)
2013-05-10 14:03 PDT, Remy Demarest
darin: review-
darin: commit-queue-

Description Remy Demarest 2013-05-10 13:57:56 PDT
After the dispatch_async block, when it is destroyed, I get an EXC_BAD_ACCESS crash because it tries to release the memory of the ImmutableArray.
Comment 1 Remy Demarest 2013-05-10 14:03:35 PDT
Created attachment 201422
Patch
Comment 2 Darin Adler 2013-05-10 17:53:24 PDT
Comment on attachment 201422
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=201422&action=review

> Source/WebKit2/ChangeLog:11
> +        * UIProcess/API/C/mac/WKContextPrivateMac.mm:
> +        (WKContextGetInfoForInstalledPlugIns): Add __block attribute to the array variable
> +        to remove the const flag in the block, and use .release().leakRef() rather than
> +        .get() to cleanup the array properly.
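
Review bot: The last clause of this entry, "use .release().leakRef() rather than .get() to cleanup the array properly", says the opposite of what leakRef() does: it gives up the reference without dereferencing it, so nothing is cleaned up. The entry also does not say why the block's copy of the array crashes on destruction, which is what a reader needs in order to judge the fix. Suggest stating the root cause and naming who owns the array after the callback returns.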

How is leakRef going to clean up the array properly? It will leak the array!
Comment 3 Darin Adler 2013-05-10 17:54:47 PDT
Comment on attachment 201422
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=201422&action=review

> Source/WebKit2/UIProcess/API/C/mac/WKContextPrivateMac.mm:132
> -        block(toAPI(array.get()), 0);
> +        block(toAPI(array.release().leakRef()), 0);
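
Review bot: On the `+` line, `array.release().leakRef()` hands the callback a raw pointer whose reference no smart pointer owns any more, and nothing visible in this hunk adopts or derefs it after `block(...)` returns, so each call leaks one array. Unless the callback is documented to take ownership, keep the reference in the captured `array`, pass a borrowed pointer as the `-` line did, and address the crash on block destruction at its source.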

I think you will get what you want with release().get(); release().leakRef() is wrong.
Comment 4 Anders Carlsson 2013-05-10 17:56:32 PDT
Yup, this is invalid.