Bug 21533 - Simple JavaScript code leaks StructureIDs
Summary: Simple JavaScript code leaks StructureIDs
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
Blocks: 21513 21525
Reported: 2008-10-10 15:36 PDT by Cameron Zwarich (cpst)
Modified: 2008-10-11 13:59 PDT

Attachments
Leaks in the Object case (87.31 KB, text/plain)
2008-10-10 15:58 PDT, Cameron Zwarich (cpst)
Proposed patch (3.62 KB, patch)
2008-10-11 13:50 PDT, Cameron Zwarich (cpst)
sam: review+

Description Cameron Zwarich (cpst) 2008-10-10 15:36:06 PDT
The code

for (var id in (new Array)) { }

leaks 13 StructureIDs (in addition to the ones in JSGlobalData) the first time you load it, and then it leaks 2 more every time you load it. The code

for (var id in (new Object)) { }

leaks 11 StructureIDs the first time you load it, but does not leak any more when you load it again.
Comment 1 Cameron Zwarich (cpst) 2008-10-10 15:58:23 PDT
Created attachment 24277
Leaks in the Object case
Comment 2 Cameron Zwarich (cpst) 2008-10-10 16:30:55 PDT
The leaks in the Array case are similar, and nothing seems Array-specific, so it is probably best to figure out the cause of the Object case first.
Comment 3 Cameron Zwarich (cpst) 2008-10-11 13:50:49 PDT
Created attachment 24292
Proposed patch
Comment 4 Sam Weinig 2008-10-11 13:53:12 PDT
Comment on attachment 24292
Proposed patch

+   StructureID::getEnumerablePropertyNames() ends up caling back to itself
Typo *caling*

r=me
Comment 5 Cameron Zwarich (cpst) 2008-10-11 13:59:10 PDT
Landed in r37508.