[Webkit-unassigned] [Bug 84668] New: ObjcClass::methodsNamed() can leak if buffer is dynamically allocated
bugzilla-daemon at webkit.org
Mon Apr 23 20:09:48 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=84668
Summary: ObjcClass::methodsNamed() can leak if buffer is dynamically allocated
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptGlue
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: benjamin at webkit.org
CC: benjamin at webkit.org
From ObjcClass::methodsNamed():

    char fixedSizeBuffer[1024];
    char* buffer = fixedSizeBuffer;
    CString jsName = identifier.ascii();
    if (!convertJSMethodNameToObjc(jsName.data(), buffer, sizeof(fixedSizeBuffer))) {
        int length = jsName.length() + 1;
        buffer = new char[length];
        if (!buffer || !convertJSMethodNameToObjc(jsName.data(), buffer, length))
            return methodList;
    }

    RetainPtr<CFStringRef> methodName(AdoptCF, CFStringCreateWithCString(NULL, buffer, kCFStringEncodingASCII));
    Method* method = (Method*)CFDictionaryGetValue(_methods.get(), methodName.get());
    if (method) {
        methodList.append(method);
        return methodList;
    }

If the second convertJSMethodNameToObjc() returns false, or if the dictionary matches the method name, buffer is never released.
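
Added example, not part of the original report and not WebKit code: the same stack-buffer-with-heap-fallback flow, with the fallback allocation owned by a std::unique_ptr so that both early returns named in the report release it. convertName(), lookupMethod(), the 16-byte buffer and the liveBuffers counter are assumptions made for illustration; convertName() is a simplified stand-in for convertJSMethodNameToObjc() that also rejects non-ASCII bytes so the second-failure path can be reached.

```cpp
#include <cstddef>
#include <cstring>
#include <memory>
#include <set>
#include <string>

// Counts live heap fallback buffers so a caller can check nothing leaked.
static int liveBuffers = 0;
struct CountedDelete {
    void operator()(char* p) const { delete[] p; --liveBuffers; }
};
using HeapBuffer = std::unique_ptr<char[], CountedDelete>;

// Hypothetical stand-in for convertJSMethodNameToObjc(): maps '_' to ':'.
// Returns false if the result (plus NUL) does not fit, or if the name
// contains a non-ASCII byte (assumed here so the retry can also fail).
static bool convertName(const char* in, char* out, std::size_t outSize)
{
    std::size_t n = std::strlen(in);
    if (n + 1 > outSize)
        return false;
    for (std::size_t i = 0; i < n; ++i) {
        if (static_cast<unsigned char>(in[i]) > 0x7f)
            return false;
        out[i] = in[i] == '_' ? ':' : in[i];
    }
    out[n] = '\0';
    return true;
}

// Same control flow as the reported code, with a small fixed buffer so the
// heap path is easy to reach. Returns true when the name is a known method.
bool lookupMethod(const std::string& jsName, const std::set<std::string>& methods)
{
    char fixedSizeBuffer[16];
    char* buffer = fixedSizeBuffer;
    HeapBuffer heapBuffer; // owns the fallback allocation, if one is made

    if (!convertName(jsName.c_str(), buffer, sizeof(fixedSizeBuffer))) {
        std::size_t length = jsName.length() + 1;
        heapBuffer.reset(new char[length]);
        ++liveBuffers;
        buffer = heapBuffer.get();
        if (!convertName(jsName.c_str(), buffer, length))
            return false; // second conversion failed: heapBuffer freed here
    }
    return methods.count(buffer) != 0; // match or no match: freed here too
}
```

With a raw `new char[length]` in place of heapBuffer, liveBuffers stays above zero after either early return, which is the leak described in the report.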