[Webkit-unassigned] [Bug 6152] windowScriptObject isn't properly releasing values that it retains with setValue:forKey:

bugzilla-daemon at opendarwin.org bugzilla-daemon at opendarwin.org
Mon Dec 19 23:53:46 PST 2005 

http://bugzilla.opendarwin.org/show_bug.cgi?id=6152


dwood at karelia.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |
            Summary|When a windowScriptObject is|windowScriptObject isn't
                   |released, it doesn't release|properly releasing values
                   |the values it retained      |that it retains with
                   |                            |setValue:forKey:




------- Additional Comments From dwood at karelia.com  2005-12-19 23:53 -------
OK, I'm re-opening this and changing the description slightly.  

The problem is something that I am tracing down into WebScriptObject -- it's implementation of 
setValue:forKey:  has a big problem in that it doesn't seem to release ObjC values when it replaces/
removes existing values -- specifically, arbitrary objects that become ObjCInstance C++ objects.  The 
function convertObjcValueToValue  seems to retain the object, but there is no corresponding release of 
any existing value for that keys.

Similarly, removeWebScriptKey: needs to dealloc the object that it had retained.

 When the thing is finally deallocated, it does seem to try to remove them (ObjcInstance::~ObjcInstance) 
but this is too late!

Strangely, I have tried a work-around by calling release on the value manually after invoking 
setValue:nil forKey:...  or removeWebScriptKey:.... but when the WebScriptObject is finally deallocated, it 
still tries to dealloc the value, even though I had cleared it out!  Here is the backtrace (I had zombies 
enabled)

#2	0x929abfc0 in -[_NSZombie respondsToSelector:]
#3	0x0104c6e4 in KJS::Bindings::ObjcInstance::~ObjcInstance
#4	0x01046c30 in KJS::RuntimeObjectImp::~RuntimeObjectImp
#5	0x0100ca98 in KJS::Collector::collect
#6	0x0117d58c in KJS::Window::clear
#7	0x01129cd8 in KHTMLPart::clear
#8	0x0112e6fc in KHTMLPart::~KHTMLPart
#9	0x010f0370 in KWQKHTMLPart::~KWQKHTMLPart
#10	0x0111e7c4 in -[WebCoreBridge dealloc]
#11	0x006b7a2c in -[WebBridge dealloc]
#12	0x006f4a88 in -[WebView(WebPrivate) _close]
#13	0x006f8588 in -[WebView dealloc]


-- 
Configure bugmail: http://bugzilla.opendarwin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list