[Webkit-unassigned] [Bug 60872] New: [WebKit2] Strict PassOwnPtr fix papers over memory management errors

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun May 15 23:56:07 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=60872

           Summary: [WebKit2] Strict PassOwnPtr fix papers over memory
                    management errors
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: abarth at webkit.org
                CC: darin at apple.com, sam at webkit.org


As I wrote in https://bugs.webkit.org/show_bug.cgi?id=60655#c3, I don't think the strict PassOwnPtr fix in https://trac.webkit.org/changeset/86296/trunk/Source/WebKit2/Platform/CoreIPC/HandleMessage.h is correct:

--->8---
I'm not sure this patch is right.  Does that mean we're supposed to leak the replyEncoder if the arguments fail to decode?  If this function is supposed to take ownership, it seems more likely we should change the parameter to be a PassOwnPtr.

I tried chasing this for a while, but it mushroomed out of control pretty fast.  I suspect there's a memory management bug here somewhere.

For example, consider PluginControllerProxy::didReceiveSyncPluginControllerProxyMessage.  Whether this function eventually calls delete on its third argument appears to depend on the MessageID.
---8<---

I don't understand this code well enough to know whether this is a real problem, but the code looks really fishy.

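To make the ownership concern concrete, here is an added example (not WebKit code) that models a handler taking the reply encoder as a raw pointer and leaking it when argument decoding fails, beside the shape the comment suggests, where the parameter type itself transfers ownership. ReplyEncoder, decodeArguments and the handler names are hypothetical stand-ins, and std::unique_ptr plays the role of PassOwnPtr.

```cpp
#include <memory>
#include <string>

// Instrumented stand-in for the reply encoder: liveCount tracks objects not yet freed.
struct ReplyEncoder {
    static int liveCount;
    ReplyEncoder() { ++liveCount; }
    ~ReplyEncoder() { --liveCount; }
    std::string payload;
};
int ReplyEncoder::liveCount = 0;

// Hypothetical argument decoder: only the constructed message "ok" decodes.
static bool decodeArguments(const std::string& message) {
    return message == "ok";
}

// Pattern the bug describes: the caller expects the handler to delete the
// encoder, but the early return on decode failure skips the delete.
static bool handleMessageRaw(const std::string& message, ReplyEncoder* replyEncoder) {
    if (!decodeArguments(message))
        return false;                 // replyEncoder is never freed on this path
    replyEncoder->payload = "reply";
    delete replyEncoder;              // ownership honoured only on success
    return true;
}

// Suggested shape: the parameter type states that ownership transfers, so the
// encoder is released on every path, including decode failure.
static bool handleMessageOwned(const std::string& message, std::unique_ptr<ReplyEncoder> replyEncoder) {
    if (!decodeArguments(message))
        return false;                 // unique_ptr destructor frees it here
    replyEncoder->payload = "reply";
    return true;                      // freed when replyEncoder goes out of scope
}

// Drive each handler and report how many encoders are still alive afterwards.
static int liveAfterRaw(const std::string& message) {
    ReplyEncoder::liveCount = 0;
    ReplyEncoder* encoder = new ReplyEncoder;
    handleMessageRaw(message, encoder);
    int live = ReplyEncoder::liveCount;
    if (live) delete encoder;         // harness cleanup only; the handler itself leaked it
    return live;
}
static int liveAfterOwned(const std::string& message) {
    ReplyEncoder::liveCount = 0;
    handleMessageOwned(message, std::make_unique<ReplyEncoder>());
    return ReplyEncoder::liveCount;
}
```

The raw-pointer handler reports one live encoder after a failed decode, while the owning-parameter version reports zero on both paths.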