Bug 27211: RESOLVED DUPLICATE of bug 25930
fastMalloc and fastFree mismatch correction
https://bugs.webkit.org/show_bug.cgi?id=27211
Zoltan Horvath
Reported 2009-07-13 04:58:53 PDT
An array in CSSSelectorList.cpp has been allocated with fastMalloc and freed with delete instead of fastFree. fastFree should be called to match fastMalloc and fastFree. (It is very important for a custom allocation framework.)
Attachments
proposed patch (1.80 KB, patch)
2009-07-13 05:04 PDT, Zoltan Horvath
darin: review-
Zoltan Horvath
Comment 1 2009-07-13 05:04:12 PDT
Created attachment 32657 [details] proposed patch
Darin Adler
Comment 2 2009-07-13 10:31:15 PDT
There’s been a lot of back and forth about this in another bug. This is not the correct fix -- it's hard to find the correct fix. I'll have to find the other bug for you.
Darin Adler
Comment 3 2009-07-13 10:31:51 PDT
*** This bug has been marked as a duplicate of bug 25930 ***
Balazs Kelemen
Comment 4 2009-08-24 07:27:51 PDT
I think there is no problem freeing with fastFree here, since Vector allocates its storage with fastMalloc. What have I missed?
Darin Adler
Comment 5 2009-08-24 10:55:41 PDT
(In reply to comment #4)
> I think there is no problem freeing with fastFree here, since Vector allocates
> its storage with fastMalloc. What have I missed?
How Vector allocates its storage is irrelevant, since it is not the vector storage being freed. The vector storage is a pointer in selectorVector.m_buffer.m_buffer. What's being freed here is selectorVector[i]. If you trace the flow of the code back you'll see that it's a CSSSelector object that was allocated by the CSSParser::createFloatingSelector function.
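The distinction drawn in comment 5, as an added example that is not code from this bug, its patch, or WebKit: a container's buffer and the objects its slots point to are separate allocations, so each must be released through the family that produced it. The registry and every name below (`trackedFastMalloc`, `createSelector`, `releaseAs`, `auditSelectorBuffer`) are hypothetical, and the factory's use of `operator new` is an assumption made only for the example.

```cpp
#include <cstddef>
#include <cstdlib>
#include <map>

// All names here are hypothetical stand-ins, not WebKit code.
enum class Origin { FastMalloc, OperatorNew };
enum class Release { Ok, Mismatch, Unknown };
static std::map<void*, Origin> g_origin;   // pointer -> allocator family that produced it

// Stand-in for a custom allocator entry point (plain malloc underneath).
void* trackedFastMalloc(std::size_t n) {
    void* p = std::malloc(n);
    if (p) g_origin[p] = Origin::FastMalloc;
    return p;
}

struct Selector { int specificity = 0; };
// Stand-in for a factory that creates objects with operator new (assumption).
Selector* createSelector() {
    Selector* s = new Selector;
    g_origin[s] = Origin::OperatorNew;
    return s;
}

// Release p only through the family that produced it; otherwise report and leave it alone.
Release releaseAs(void* p, Origin claimed) {
    auto it = g_origin.find(p);
    if (it == g_origin.end()) return Release::Unknown;    // never tracked, or already released
    if (it->second != claimed) return Release::Mismatch;
    g_origin.erase(it);
    if (claimed == Origin::FastMalloc) std::free(p);
    else delete static_cast<Selector*>(p);
    return Release::Ok;
}

struct Audit { Release elementAsFastFree, elementAsDelete, bufferAsFastFree; };
Audit auditSelectorBuffer() {
    // The buffer of pointers comes from one family, the pointee from another.
    auto** buffer = static_cast<Selector**>(trackedFastMalloc(sizeof(Selector*)));
    if (!buffer) return {Release::Unknown, Release::Unknown, Release::Unknown};
    buffer[0] = createSelector();
    Audit a{};
    a.elementAsFastFree = releaseAs(buffer[0], Origin::FastMalloc);  // wrong family for the element
    a.elementAsDelete = releaseAs(buffer[0], Origin::OperatorNew);   // matching family
    a.bufferAsFastFree = releaseAs(buffer, Origin::FastMalloc);      // the buffer itself
    return a;
}

int main() { return auditSelectorBuffer().elementAsFastFree == Release::Mismatch ? 0 : 1; }
```

A registry like this is a debug-build aid: it turns a silent cross-allocator free into a reportable result before the memory is touched.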