[Webkit-unassigned] [Bug 36077] v8 DOMWrapperWorld needs virtual dtor
bugzilla-daemon at webkit.org
Fri Mar 12 16:54:53 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=36077
--- Comment #3 from James Robinson <jamesr at chromium.org> 2010-03-12 16:54:53 PST ---
Without this patch the following happens:
V8Proxy::resetIsolatedWorlds() is calling the destructor of each
V8IsolatedContext, which each have a RefPtr<IsolatedWorld> member variable.
Since IsolatedWorld inherits from DOMWrapperWorld, which is declared as
RefCounted<DOMWrapperWorld>, the deref() call is doing delete
static_cast<DOMWrapperWorld*>(m_ptr). Since DOMWrapperWorld has no members and
does not have a virtual destructor, it just does a free(). This means the
IsolatedWorld's member variable, a DOMDataStoreHandle, is never destroyed and
so the associated DOMDataStore is leaked and stays in the DOMDataStoreList.
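A reduced model of the leak described in the comment above, as an added example that is not WebKit code and not part of the original message. The `RefCounted` here is simplified, and `g_liveStores`, `DataStoreHandle`, the `Before`/`After` class names and `storesLeftAfterRelease` are hypothetical stand-ins.

```cpp
#include <cstdio>

// Constructed stand-ins: g_liveStores models DOMDataStoreList's size;
// DataStoreHandle models DOMDataStoreHandle (registers in ctor, unregisters in dtor).
static int g_liveStores = 0;
struct DataStoreHandle {
    DataStoreHandle() { ++g_liveStores; }
    ~DataStoreHandle() { --g_liveStores; }
};

// Simplified CRTP ref-count base: deref() deletes through T*, not the dynamic type.
template <typename T>
class RefCounted {
public:
    void deref() {
        if (--m_refCount == 0)
            delete static_cast<T*>(this);
    }
private:
    int m_refCount = 1;
};

// Before: non-virtual destructor. This delete is formally undefined behaviour;
// common toolchains run only ~WorldBefore() and free the block, skipping m_store.
class WorldBefore : public RefCounted<WorldBefore> {};
class IsolatedWorldBefore : public WorldBefore {
    DataStoreHandle m_store;
};

// After: the virtual destructor makes the same delete dispatch to ~IsolatedWorldAfter().
class WorldAfter : public RefCounted<WorldAfter> {
public:
    virtual ~WorldAfter() = default;
};
class IsolatedWorldAfter : public WorldAfter {
    DataStoreHandle m_store;
};

// Creates one world, drops its only reference, returns stores still registered.
template <typename Isolated>
int storesLeftAfterRelease() {
    g_liveStores = 0;
    (new Isolated)->deref();
    return g_liveStores;
}

int main() {
    std::printf("before: %d, after: %d\n", storesLeftAfterRelease<IsolatedWorldBefore>(), storesLeftAfterRelease<IsolatedWorldAfter>());
    return 0;
}
```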