[webkit-reviews] review requested: [Bug 22834] Mismatched memory free in the new CSSSelectorList : [Attachment 26026] Patch v2

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 15 11:12:30 PST 2008


Brett Wilson (Google) <brettw at chromium.org> has asked for review:
Bug 22834: Mismatched memory free in the new CSSSelectorList
https://bugs.webkit.org/show_bug.cgi?id=22834

Attachment 26026: Patch v2
https://bugs.webkit.org/attachment.cgi?id=26026&action=review

------- Additional Comments from Brett Wilson (Google) <brettw at chromium.org>
I believe this patch is correct. The previous patch caused double delete
problems, which only appeared on Windows for some reason. The problem is that
delete also calls the destructor, so when the selector is "moved" in
CSSSelectorList, it calls the destructor, then the destructor is called again
when the list is freed.

This patch uses fastMalloc for the allocation to match the move and delete
operations. This is my first ever use of placement new, so check my syntax
carefully :)

I added a few comments about the allocation method since certain assumptions
are made which aren't obvious (causing bugs like this one).
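
Added example, not part of the original message or of the WebKit patch: the allocation pattern the comments describe, where an object built with placement new in raw storage is "moved" into a list and must be destroyed exactly once. It assumes std::malloc/std::free as stand-ins for fastMalloc/fastFree, a hypothetical Selector type, and a bitwise copy as the meaning of "moved".

```cpp
#include <cstdlib>
#include <cstring>
#include <new>
#include <vector>

// Hypothetical stand-in for a selector that owns a heap resource.
struct Selector {
    static int destructorCalls;
    char* tag;
    explicit Selector(const char* t) : tag(new char[std::strlen(t) + 1]) { std::strcpy(tag, t); }
    ~Selector() { delete[] tag; ++destructorCalls; }
};
int Selector::destructorCalls = 0;

// Raw allocation + placement new, so storage can be freed without a destructor call.
Selector* createSelector(const char* tag) {
    void* raw = std::malloc(sizeof(Selector));
    if (!raw) throw std::bad_alloc();
    return new (raw) Selector(tag);
}

struct SelectorList {
    std::size_t size; Selector* array;
    // Adopts the selectors: each is copied bitwise into one array and only its old
    // storage is freed. `delete v[i]` would also run ~Selector(), then run again below.
    explicit SelectorList(std::vector<Selector*>& v) : size(v.size()) {
        array = static_cast<Selector*>(std::malloc((size ? size : 1) * sizeof(Selector)));
        if (!array) throw std::bad_alloc();
        for (std::size_t i = 0; i < size; ++i) {
            std::memcpy(static_cast<void*>(&array[i]), static_cast<const void*>(v[i]), sizeof(Selector));
            std::free(v[i]); // storage only, destructor not run
        }
        v.clear();
    }
    ~SelectorList() {
        for (std::size_t i = 0; i < size; ++i) array[i].~Selector(); // exactly once each
        std::free(array);
    }
    SelectorList(const SelectorList&) = delete;
};

// Builds n selectors, adopts and destroys them; returns destructor calls seen.
int destructorCallsFor(int n) {
    Selector::destructorCalls = 0;
    std::vector<Selector*> v;
    for (int i = 0; i < n; ++i) v.push_back(createSelector("div"));
    { SelectorList list(v); }
    return Selector::destructorCalls;
}
```

Replacing `std::free(v[i])` with `delete v[i]` reproduces the failure mode described above: the destructor runs on the old object and again on its copy in the array, and the storage is released by an allocator that did not hand it out.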

