Bug 21526 - The hashmap webPreferencesInstances in WebPreferences.cpp can potentially hold onto stale instances of WebPreferences
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: PC Windows Vista
Importance: P2 Normal
Assignee: Ada Chan
 
Reported: 2008-10-10 11:50 PDT by Ada Chan
Modified: 2008-10-10 13:43 PDT

Attachments
Patch (4.44 KB, patch)
2008-10-10 12:37 PDT, Ada Chan
aroben: review+

Description Ada Chan 2008-10-10 11:50:15 PDT
webPreferencesInstances does not keep a reference to all the instances it holds.  So if you call WebPreferences::initWithIdentifier() to make a WebPreferences object and then release it, the hashmap still holds a stale pointer to that instance, and next time initWithIdentifier() is called again with the same identifier, it'll return the stale object.
Comment 1 Ada Chan 2008-10-10 12:37:42 PDT
Created attachment 24270
Patch
Comment 2 Adam Roben (:aroben) 2008-10-10 12:59:24 PDT
Comment on attachment 24270
Patch

 3         https://bugs.webkit.org/show_bug.cgi?id=21526

We normally put the title of the bug in the ChangeLog as well.

 619     preferences = 0;
 620     if (identifier) {
 621         WebPreferences::removeReferenceForIdentifier(identifier);
 622         SysFreeString(identifier);
 623     }

It might be worth adding a comment here about why we release preferences first.

r=me
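
An added example, not WebKit's code or the attached patch: a small model of an identifier-keyed registry that owns one reference per entry, showing why the owner has to drop its own reference before asking the registry to forget the identifier. The `Prefs` class, `instanceForIdentifier`, `teardown`, and the body given here for `removeReferenceForIdentifier` are assumptions made for illustration.

```cpp
#include <map>
#include <string>

// Constructed model; Prefs and its ref-counting are hypothetical stand-ins.
class Prefs {
public:
    void ref() { ++m_refCount; }
    void deref() { if (!--m_refCount) delete this; }
    int refCount() const { return m_refCount; }
private:
    int m_refCount = 1; // the creator's reference
};

// The registry owns one reference per entry, so a stored pointer never dangles.
static std::map<std::string, Prefs*>& registry() {
    static std::map<std::string, Prefs*> map;
    return map;
}

// Returns a referenced instance for id, creating and registering it on first use.
Prefs* instanceForIdentifier(const std::string& id) {
    auto it = registry().find(id);
    if (it == registry().end())
        it = registry().emplace(id, new Prefs).first; // initial reference belongs to the registry
    it->second->ref(); // the caller's reference
    return it->second;
}

// Assumed body: drop the entry only when the registry is the last holder.
void removeReferenceForIdentifier(const std::string& id) {
    auto it = registry().find(id);
    if (it == registry().end() || it->second->refCount() != 1)
        return; // someone else still uses the instance
    it->second->deref(); // destroys the object
    registry().erase(it);
}

// Owner teardown; releaseFirst=true follows the order in the reviewed lines.
// Returns true if the registry no longer has an entry for id.
bool teardown(const std::string& id, bool releaseFirst) {
    Prefs* p = instanceForIdentifier(id);
    if (releaseFirst) { p->deref(); removeReferenceForIdentifier(id); }
    else { removeReferenceForIdentifier(id); p->deref(); }
    return registry().count(id) == 0;
}

int main() { return teardown("a", true) && !teardown("b", false) ? 0 : 1; }
```

In this model the wrong order leaves a live but orphaned entry rather than a stale pointer, because the registry holds its own reference; a registry that stores unreferenced raw pointers would instead be left holding freed memory.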
Comment 3 Ada Chan 2008-10-10 13:36:51 PDT
Will address feedback from aroben
Comment 4 Ada Chan 2008-10-10 13:43:41 PDT
Fixed in r37489