162695 – StringView should not delete the StringImpl it is viewing.

RESOLVED INVALID 162695

StringView should not delete the StringImpl it is viewing.

https://bugs.webkit.org/show_bug.cgi?id=162695

Summary StringView should not delete the StringImpl it is viewing.

Mark Lam

Reported 2016-09-28 11:27:37 PDT

Currently, StringView uses a UnderlyingString that starts with a refCount of 1 independent of how many references to the underlying StringImpl exists. In the StringView destructor, it then decrements its UnderlyingString refCount, and if that refCount is now 0, it proceeds to delete the referenced StringImpl even if the StringImpl's refCount is non-zero. As a result, this prematurely frees the StringImpl that other code is still expecting to be alive.

Attachments
Add attachment proposed patch, testcase, etc.

Mark Lam

Comment 1 2016-09-28 11:32:56 PDT

To clarify, this issue only manifests when CHECK_STRINGVIEW_LIFETIME is enabled.

Mark Lam

Comment 2 2016-09-28 11:36:54 PDT

Hmmm ... I'm wrong. Deleting the UnderlyingString should not delete the underlying StringImpl. I'll dig a little further.

Mark Lam

Comment 3 2016-09-28 11:54:42 PDT

I misread the code. This is not the issue I'm seeing.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Web Template Framework

Assignee

Mark Lam

Reported

2016-09-28 11:27 PDT

Modified

2016-09-28 11:54 PDT History

CC List

2 users Show

URL

Keywords

Depends on

Blocks