RESOLVED FIXED 31681
[Qt] Wrong runtime instance objects of wrapped QObjects may be used if the wrapped object died before the gc removed the instance.
https://bugs.webkit.org/show_bug.cgi?id=31681
Yoann Lopes
Reported 2009-11-19 13:30:40 PST
Created attachment 43519 [details] Bug example
A bug occurs when a new object is made available to JavaScript (addToJavascriptWindowObject) and this new object is at the same address in memory as a previously deleted object (which was also made available to JavaScript at some point). In that case, a JavaScript exception is raised saying that you are trying to access a deleted object, when actually the object that you are trying to access is not deleted. (It just raises that exception because the new object occupies a memory address that has previously been marked as deleted.) Bug spotted using Qt 4.5.1. I attach to this report a small example illustrating the bug.
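The address-reuse problem described in this report, as an added illustration that is neither the attached test case nor WebKit's actual patch: a wrapper cache keyed by the raw QObject address hands back a stale, already-dead wrapper for a new object that the allocator placed at the same address, while a lookup that evicts dead entries (the kind of change Simon suggests for QtInstance::getQtInstance; the exact fix is assumed here) wraps the new object afresh. Plain C++ stand-ins replace QObject and QtInstance.

```cpp
#include <memory>
#include <new>
#include <unordered_map>

struct Instance;
// Stand-in for a wrapped QObject: like QObject::destroyed, it tells its wrapper when it dies.
struct Object { Instance* wrapper = nullptr; ~Object(); };

// Stand-in for QtInstance: holds the raw object pointer and learns when that object is gone.
struct Instance {
    Object* object;
    bool objectDeleted = false;   // once set, script access raises "accessing a deleted object"
    explicit Instance(Object* o) : object(o) {}
};
Object::~Object() { if (wrapper) wrapper->objectDeleted = true; }

// Cache keyed by object address; entries are only dropped when the GC collects the wrapper.
using Cache = std::unordered_map<Object*, std::unique_ptr<Instance>>;

static Instance* wrapNew(Cache& cache, Object* o) {
    auto inst = std::make_unique<Instance>(o);
    o->wrapper = inst.get();
    return (cache[o] = std::move(inst)).get();
}

// Buggy lookup: the address alone is treated as identity, so a recycled address hits the dead wrapper.
Instance* getInstanceBuggy(Cache& cache, Object* o) {
    auto it = cache.find(o);
    return it != cache.end() ? it->second.get() : wrapNew(cache, o);
}

// Fixed lookup (assumed shape): a cached wrapper whose object already died cannot belong to `o`,
// even though the address matches, so evict it and wrap the new object.
Instance* getInstanceFixed(Cache& cache, Object* o) {
    auto it = cache.find(o);
    if (it != cache.end() && !it->second->objectDeleted) return it->second.get();
    if (it != cache.end()) cache.erase(it);
    return wrapNew(cache, o);
}

// Reproduces the report: destroy the wrapped object, construct a new one at the very same address
// (placement new into one fixed slot) and fetch its wrapper before any GC has run.
// Returns true when the fresh object is wrongly reported as deleted.
bool newObjectLooksDeleted(bool useFix) {
    Cache cache;
    alignas(Object) unsigned char slot[sizeof(Object)];
    Instance* (*get)(Cache&, Object*) = useFix ? getInstanceFixed : getInstanceBuggy;
    Object* a = new (slot) Object();
    get(cache, a);
    a->~Object();                            // "a" dies; its wrapper is stale but still cached
    Object* b = new (slot) Object();         // the allocator hands out the same address again
    bool looksDeleted = get(cache, b)->objectDeleted;
    b->~Object();
    return looksDeleted;
}
```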
Attachments
Bug example (6.00 KB, application/x-tar)
2009-11-19 13:30 PST, Yoann Lopes
no flags
Potential fix, without changelog and testcase. (1.03 KB, patch)
2009-11-22 09:30 PST, Simon Hausmann
no flags
Patch (4.88 KB, patch)
2009-11-23 04:27 PST, Simon Hausmann
no flags
Simon Hausmann
Comment 1 2009-11-22 09:27:21 PST
ACK. This may be fixable inside QtInstance::getQtInstance
Simon Hausmann
Comment 2 2009-11-22 09:30:22 PST
Created attachment 43682 [details] Potential fix, without changelog and testcase.
Yoann, can you try the attached patch? It shouldn't be too hard to turn your testcase into a unit test. Want to have a go at it? :)
Kenneth Rohde Christiansen
Comment 3 2009-11-22 11:21:23 PST
I guess it would be nice to have some comments in the code as well.
Simon Hausmann
Comment 4 2009-11-23 04:27:22 PST
Yoann Lopes
Comment 5 2009-11-23 04:37:54 PST
Just tried the patch, it works just fine now :)
WebKit Commit Bot
Comment 6 2009-11-23 04:58:39 PST
Comment on attachment 43702 [details] Patch
Clearing flags on attachment: 43702
Committed r51306: <http://trac.webkit.org/changeset/51306>
WebKit Commit Bot
Comment 7 2009-11-23 04:58:45 PST
All reviewed patches have been landed. Closing bug.