When exposing Objective-C objects to JavaScript, we end up making multiple ObjcInstance objects and multiple RuntimeObjectImp objects for a single Objective-C object. This isn't good because it makes them receive multiple finalizeForWebScript calls.
rdar://problem/7142294
Created attachment 39735: patch
Comment on attachment 39735 (patch):
r=me
http://trac.webkit.org/changeset/48513
Created attachment 39777: Patch v1
Comment on attachment 39777 (Patch v1):
Wrong bug, sorry!
Comment on attachment 39735 (patch):
This one was landed.
(In reply to comment #4)
> http://trac.webkit.org/changeset/48513

Unfortunately this patch breaks the Qt build: http://build.webkit.org/builders/Qt%20Linux%20Release/builds/1693/steps/compile-webkit/logs/stdio

The error is caused by the new virtual function added to runtime.h but not defined in the inherited class QtInstance : public Instance.

125 private:
126 virtual RuntimeObjectImp* newRuntimeObject(ExecState*);

newRuntimeObject should have protected visibility, and createRuntimeObject should be renamed to newRuntimeObject in the inherited class QtInstance.
Created attachment 39785: proposed patch
Comment on attachment 39785 (proposed patch):
LGTM.
I have to re-open the bug for the commit-queue to see it.
(In reply to comment #8)
> 125 private:
> 126 virtual RuntimeObjectImp* newRuntimeObject(ExecState*);
>
> newRuntimeObject should have protected visibility

Why? I don't agree. But it's not important.

> createRuntimeObject should be renamed to newRuntimeObject in inherited class QtInstance.

Yes, sorry! Thanks for fixing it.
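The two technical points in this thread, one Instance and one RuntimeObjectImp per native object (comment 0) and whether a private virtual factory such as newRuntimeObject can be overridden by a subclass like QtInstance (comments 8 and 9), can be shown in a small self-contained model. The following is an added illustration, not WebKit code: the names NativeObject, TaggedInstance, TaggedRuntimeObjectImp, InstanceRegistry and finalizeCallsAfterTeardown are assumptions made for this example, and the engine's finalize callback is stood in for by the wrapper's destructor.

```cpp
#include <cassert>
#include <cstddef>
#include <map>
#include <memory>
#include <string>

// Stand-in for a native object (e.g. an Objective-C object) exposed to script.
// Constructed for this example; not a WebKit type.
struct NativeObject {
    std::string name;
    int finalizeCalls = 0;   // how often the script side told us it is done with us
};

class Instance;

// The script-visible wrapper. Its destructor plays the role of the engine
// finalizing the wrapper and notifying the native side; with one wrapper per
// native object that notification happens exactly once.
class RuntimeObjectImp {
public:
    explicit RuntimeObjectImp(Instance* instance) : m_instance(instance) {}
    virtual ~RuntimeObjectImp();
    Instance* instance() const { return m_instance; }
private:
    Instance* m_instance;
};

class Instance {
public:
    explicit Instance(NativeObject* native) : m_native(native) {}
    virtual ~Instance() {}
    // Public, non-virtual: hands out the single RuntimeObjectImp for this
    // Instance, asking the virtual factory only on first use.
    RuntimeObjectImp* createRuntimeObject() {
        if (!m_runtimeObject)
            m_runtimeObject.reset(newRuntimeObject());
        return m_runtimeObject.get();
    }
    NativeObject* native() const { return m_native; }
private:
    // Private virtual factory. C++ lets a derived class override a private
    // virtual even though it cannot call the base version by name, which is
    // why keeping it private (as in the landed patch) still works.
    virtual RuntimeObjectImp* newRuntimeObject() { return new RuntimeObjectImp(this); }
    NativeObject* m_native;
    std::unique_ptr<RuntimeObjectImp> m_runtimeObject;
};

RuntimeObjectImp::~RuntimeObjectImp() { ++m_instance->native()->finalizeCalls; }

// Wrapper subclass produced by the derived Instance below (assumed name).
class TaggedRuntimeObjectImp : public RuntimeObjectImp {
public:
    explicit TaggedRuntimeObjectImp(Instance* instance) : RuntimeObjectImp(instance) {}
    static int created;   // counts how often the override was actually used
};
int TaggedRuntimeObjectImp::created = 0;

// A derived instance in the spirit of QtInstance (assumed name): it overrides
// the base class's private virtual factory, which the compiler accepts.
class TaggedInstance : public Instance {
public:
    explicit TaggedInstance(NativeObject* native) : Instance(native) {}
private:
    RuntimeObjectImp* newRuntimeObject() override {
        ++TaggedRuntimeObjectImp::created;
        return new TaggedRuntimeObjectImp(this);
    }
};

// Registry keyed by native object so that each native object gets exactly one
// Instance (and therefore exactly one RuntimeObjectImp).
class InstanceRegistry {
public:
    Instance* instanceFor(NativeObject* native) {
        auto it = m_instances.find(native);
        if (it == m_instances.end())
            it = m_instances.emplace(native, std::unique_ptr<Instance>(new TaggedInstance(native))).first;
        return it->second.get();
    }
    std::size_t size() const { return m_instances.size(); }
private:
    std::map<NativeObject*, std::unique_ptr<Instance>> m_instances;
};

// Looks the same native object up twice, requests its runtime object twice,
// and returns how many finalize calls the native object received once the
// registry is torn down. With the one-per-object rule this is 1, not 2.
int finalizeCallsAfterTeardown(NativeObject& native) {
    {
        InstanceRegistry registry;
        Instance* a = registry.instanceFor(&native);
        Instance* b = registry.instanceFor(&native);
        assert(a == b);
        assert(registry.size() == 1);
        assert(a->createRuntimeObject() == b->createRuntimeObject());
    }   // registry, Instance and RuntimeObjectImp are destroyed here
    return native.finalizeCalls;
}
```

The registry is the piece that removes the duplicate-wrapper problem: without it, every lookup would construct a fresh Instance and a fresh wrapper, and the native object would be finalized once per wrapper. The private override in TaggedInstance compiles and is dispatched through Instance::createRuntimeObject, so the visibility question in comment 8 is a matter of taste rather than correctness; what actually broke the Qt build was the derived class not providing the override under the new name.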
Comment on attachment 39785 (proposed patch):
Clearing flags on attachment: 39785
Committed r48538: <http://trac.webkit.org/changeset/48538>
All reviewed patches have been landed. Closing bug.
This change introduced incorrect lifetime management and cross-origin data leaks in WebKit1, see bug 123029 comment 8.