InjectedBundleScriptWorld::normalWorld() returns a static InjectedBundleScriptWorld; autoreleasing its wrapper object could cause a dangling pointer to the InjectedBundleScriptWorld and a crash.
This is referring to the method [WKWebProcessPlugInScriptWorld normalWorld]: + (WKWebProcessPlugInScriptWorld *)normalWorld { return [wrapper(*InjectedBundleScriptWorld::normalWorld()) autorelease]; }
Created attachment 221313 [details] Patch.
Comment on attachment 221313 [details] Patch. What about all the other uses of the "[wrapper(X) autorelease]" idiom, like the "world" selector in the same file, and a bunch of others?
(In reply to comment #3)
> (From update of attachment 221313 [details])
> What about all the other uses of the "[wrapper(X) autorelease]" idiom, like the "world" selector in the same file, and a bunch of others?

I see. In all other cases, we only autorelease after allocating or ref-ing.
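The ownership rule stated in the comment above, as an added toy model (not WebKit code): an autorelease is a deferred release, so it must balance an earlier alloc/retain/ref. A wrapper handed out at +0 for a static object whose only reference is held by the static owner gets destroyed when the pool drains unless it is retained first. The names (Wrapper, drainPool, normalWorld-style static) are placeholders for the model, not WebKit identifiers.

```cpp
#include <cassert>
#include <cstdio>
#include <vector>

// Minimal retain/release object standing in for an API wrapper.
struct Wrapper {
    int refCount = 1;      // the long-lived owner holds this +1
    bool destroyed = false;
};

static std::vector<Wrapper*> g_autoreleasePool;  // pending -release calls

Wrapper* retain(Wrapper* w) { ++w->refCount; return w; }

void release(Wrapper* w) {
    if (--w->refCount == 0)
        w->destroyed = true;  // a real object would be freed here
}

Wrapper* autorelease(Wrapper* w) { g_autoreleasePool.push_back(w); return w; }

void drainPool() {
    for (Wrapper* w : g_autoreleasePool)
        release(w);
    g_autoreleasePool.clear();
}

// Returns true if the wrapper is still alive after the pool drains.
static bool survivesPoolDrain(bool retainBeforeAutorelease) {
    Wrapper world;  // stands in for the static normalWorld() object (owner keeps +1)
    Wrapper* w = retainBeforeAutorelease ? autorelease(retain(&world)) : autorelease(&world);
    drainPool();
    return !w->destroyed && w->refCount == 1;  // owner's +1 must remain
}

// Buggy idiom: [wrapper(static) autorelease] on a reference nobody retained.
bool buggyIdiomSurvivesPoolDrain() { return survivesPoolDrain(false); }

// Fixed idiom: retain (ref) first, then autorelease, so the pair balances.
bool fixedIdiomSurvivesPoolDrain() { return survivesPoolDrain(true); }

int main() {
    std::printf("buggy idiom survives drain: %d\n", buggyIdiomSurvivesPoolDrain());
    std::printf("fixed idiom survives drain: %d\n", fixedIdiomSurvivesPoolDrain());
    return 0;
}
```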
Comment on attachment 221313 [details] Patch. r=me. Sadly, I am not a WK2 owner :(
r=me too
Comment on attachment 221313 [details] Patch. Clearing flags on attachment: 221313 Committed r162106: <http://trac.webkit.org/changeset/162106>
All reviewed patches have been landed. Closing bug.