RESOLVED FIXED 127072
Don't autorelease wrapper object (WebProcessPlugInScriptWorld) for InjectedBundleScriptWorld::normalWorld().
https://bugs.webkit.org/show_bug.cgi?id=127072
Yongjun Zhang
Reported 2014-01-15 16:07:16 PST
InjectedBundleScriptWorld::normalWorld() returns a static InjectedBundleScriptWorld; autoreleasing its wrapper object could cause a dangling pointer to the InjectedBundleScriptWorld and a crash.
Attachments
Patch. (1.56 KB, patch)
2014-01-15 16:14 PST, Yongjun Zhang
no flags
Yongjun Zhang
Comment 1 2014-01-15 16:08:33 PST
This is referring to the method [WKWebProcessPlugInScriptWorld normalWorld]:

    + (WKWebProcessPlugInScriptWorld *)normalWorld
    {
        return [wrapper(*InjectedBundleScriptWorld::normalWorld()) autorelease];
    }
Yongjun Zhang
Comment 2 2014-01-15 16:14:45 PST
Geoffrey Garen
Comment 3 2014-01-15 17:18:40 PST
Comment on attachment 221313 [details] Patch. What about all the other uses of the "[wrapper(X) autorelease]" idiom, like the "world" selector in the same file, and a bunch of others?
Geoffrey Garen
Comment 4 2014-01-15 17:21:26 PST
(In reply to comment #3)
> (From update of attachment 221313 [details])
> What about all the other uses of the "[wrapper(X) autorelease]" idiom, like the "world" selector in the same file, and a bunch of others?

I see. In all other cases, we only autorelease after allocating or ref-ing.
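The ownership rule stated in comments 1 and 4, as an added example that is not part of the bug report or of WebKit's code: a small C++ model of an Objective-C wrapper whose retain count owns the wrapped C++ object, with a toy autorelease pool. It contrasts the reported accessor (autoreleasing the wrapper of a static object that handed out no +1) with returning the static wrapper untouched and with the balanced alloc/ref-then-autorelease idiom used elsewhere. The types `ScriptWorldWrapper`, `AutoreleasePool`, `Accessor` and `Outcome` are hypothetical names for this model; deallocation is recorded as a flag rather than freeing memory so the failure is observable instead of a crash.

```cpp
#include <cassert>
#include <cstdio>
#include <vector>

// Hypothetical model of an Objective-C API wrapper whose retain count owns
// the C++ object stored inside it. A retain count of zero "deallocates" the
// wrapper and tears down the wrapped object. The model records state instead
// of freeing memory so the over-release is visible rather than a crash.
struct ScriptWorldWrapper {
    const char* name;
    int retainCount;
    bool deallocated = false;
    int overReleases = 0;   // releases sent to an already-dead wrapper
};

static ScriptWorldWrapper* retain(ScriptWorldWrapper* w) {
    ++w->retainCount;
    return w;
}

static void release(ScriptWorldWrapper* w) {
    if (w->deallocated) {        // real ObjC: message to freed memory
        ++w->overReleases;
        return;
    }
    if (--w->retainCount == 0)
        w->deallocated = true;   // the wrapped object's destructor would run here
}

// Minimal autorelease pool: releases are deferred until drain().
struct AutoreleasePool {
    std::vector<ScriptWorldWrapper*> pending;
    ScriptWorldWrapper* autorelease(ScriptWorldWrapper* w) { pending.push_back(w); return w; }
    void drain() { for (auto* w : pending) release(w); pending.clear(); }
};

enum class Accessor {
    AutoreleaseStatic,       // [wrapper(*normalWorld()) autorelease]: the reported bug
    ReturnStatic,            // wrapper(*normalWorld()) with no retain-count change
    RetainThenAutorelease    // +1 first, then autorelease: balanced, like the alloc/ref cases
};

struct Outcome {
    bool alive;          // the static world is still usable after the pool drains
    int overReleases;    // how many releases hit the dead wrapper
};

// Calls the chosen accessor `calls` times inside one pool scope, then drains.
// `world` stands in for the process-lifetime static: it starts with the one
// reference its static storage owns, which no caller is entitled to release.
static Outcome accessNormalWorld(Accessor accessor, int calls) {
    ScriptWorldWrapper world{"normal", 1};
    AutoreleasePool pool;
    for (int i = 0; i < calls; ++i) {
        switch (accessor) {
        case Accessor::AutoreleaseStatic:     pool.autorelease(&world); break;
        case Accessor::ReturnStatic:          /* caller just uses &world */ break;
        case Accessor::RetainThenAutorelease: pool.autorelease(retain(&world)); break;
        }
    }
    pool.drain();
    return {!world.deallocated, world.overReleases};
}

// The idiom that is correct for freshly allocated wrappers: the +1 from
// allocation is handed to the pool and the object dies exactly once.
static bool allocatedWrapperDiesExactlyOnce() {
    ScriptWorldWrapper fresh{"allocated", 1};   // +1 from alloc
    AutoreleasePool pool;
    pool.autorelease(&fresh);
    bool aliveWhileInUse = !fresh.deallocated;
    pool.drain();
    return aliveWhileInUse && fresh.deallocated && fresh.overReleases == 0;
}

int main() {
    Outcome bug = accessNormalWorld(Accessor::AutoreleaseStatic, 2);
    std::printf("autorelease static: alive=%d overReleases=%d\n", bug.alive, bug.overReleases);
    Outcome fixed = accessNormalWorld(Accessor::ReturnStatic, 2);
    std::printf("return static:      alive=%d overReleases=%d\n", fixed.alive, fixed.overReleases);
    Outcome balanced = accessNormalWorld(Accessor::RetainThenAutorelease, 2);
    std::printf("retain+autorelease: alive=%d overReleases=%d\n", balanced.alive, balanced.overReleases);
    std::printf("alloc+autorelease dies once: %d\n", allocatedWrapperDiesExactlyOnce());
    return 0;
}
```

In the model the first autorelease of the static wrapper drops its only reference at drain time, so every later user of the normal world holds a dangling pointer, and a second autorelease is an over-release; returning the static wrapper without touching its count, or pairing each autorelease with a retain taken by the same code path, keeps the count balanced.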
Geoffrey Garen
Comment 5 2014-01-15 17:21:42 PST
Comment on attachment 221313 [details] Patch. r=me Sadly, I am not a WK2 owner :(.
mitz
Comment 6 2014-01-15 17:23:26 PST
r=me too
WebKit Commit Bot
Comment 7 2014-01-15 18:00:16 PST
Comment on attachment 221313 [details] Patch. Clearing flags on attachment: 221313 Committed r162106: <http://trac.webkit.org/changeset/162106>
WebKit Commit Bot
Comment 8 2014-01-15 18:00:18 PST
All reviewed patches have been landed. Closing bug.