[Webkit-unassigned] [Bug 148769] UI process leaks InjectedBundleInitializationUserData
bugzilla-daemon at webkit.org
Sat Sep 5 01:32:49 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=148769
Zan Dobersek <zan at falconsigh.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zan at falconsigh.net

--- Comment #1 from Zan Dobersek <zan at falconsigh.net> ---
(In reply to comment #0)
>
> Meanwhile in the Cocoa code, getInjectedBundleInitializationUserData created
> an ObjCObjectGraph (refcount 1), leaked the ref (refcount remains 1), and
> passed it through toAPI. A WKTypeRef is returned. Refcount remains 1. The
> above are both equivalent. Continuing into cross-platform world:
>
> The WKTypeRef (refcount 1) returned by
> getInjectedBundleInitializationUserData is passed to toImpl, returns as a
> API::Object (refcount 1). The function returns a PassRefPtr<API::Object>.
> Since the constructor of the PassRefPtr doesn't modify the refcount, it's
> still 1.
>

The pointer isn't adopted, so the PassRefPtr constructor does increment the refcount to 2.

> WebProcessPool::createNewWebProcess receives the PassRefPtr<API::Object> and
> stores it in a RefPtr<API::Object> using operator=. Refcount is still 1. At
> the end of the function, it will leave scope and be decremented.
>

The PassRefPtr object is moved into the RefPtr, which doesn't change the refcount of the wrapped object -- still 2.

Adopting the pointer into the PassRefPtr in WebContextInjectedBundleClient::getInjectedBundleInitializationUserData() would probably fix the leak.

--
You are receiving this mail because:
You are the assignee for the bug.
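
The refcount walk discussed in this thread, as an added example that is not part of the original message and is not WebKit code: a simplified C++ model in which `Counted`, `Ptr`, `getUserData` and `objectsLeaked` are hypothetical stand-ins, with the raw-pointer constructor taking a new reference as comment #1 describes for PassRefPtr.

```cpp
#include <cstdio>

// Constructed stand-in for a ref-counted object (starts at refcount 1); `live` counts undestroyed objects.
struct Counted {
    static int live;
    int refs = 1;
    Counted() { ++live; }
    ~Counted() { --live; }
    void ref() { ++refs; }
    void deref() { if (--refs == 0) delete this; }
};
int Counted::live = 0;

// Hypothetical smart pointer: the raw-pointer constructor takes a NEW reference,
// the Adopt constructor takes over the existing one, a move transfers ownership.
class Ptr {
public:
    enum AdoptTag { Adopt };
    explicit Ptr(Counted* p) : m_ptr(p) { if (m_ptr) m_ptr->ref(); }
    Ptr(Counted* p, AdoptTag) : m_ptr(p) {}
    Ptr(Ptr&& o) : m_ptr(o.m_ptr) { o.m_ptr = nullptr; }
    ~Ptr() { if (m_ptr) m_ptr->deref(); }
    int refs() const { return m_ptr ? m_ptr->refs : 0; }
private:
    Counted* m_ptr;
};

// Models the getter: the raw pointer already carries one leaked reference.
Ptr getUserData(bool adopt) {
    Counted* raw = new Counted;              // refcount 1, nobody will deref it
    if (adopt) return Ptr(raw, Ptr::Adopt);  // fix: refcount stays 1
    return Ptr(raw);                         // bug: refcount becomes 2
}

// Models the caller: the result lives in a local that leaves scope.
// Returns the number of objects still alive afterwards (0 means no leak).
int objectsLeaked(bool adopt) {
    int before = Counted::live;
    {
        Ptr local(getUserData(adopt));       // move: refcount unchanged
        std::printf("adopt=%d refcount while held: %d\n", adopt, local.refs());
    }                                        // local destroyed: one deref
    return Counted::live - before;
}

int main() {
    std::printf("leaked without adopt: %d\n", objectsLeaked(false));
    std::printf("leaked with adopt:    %d\n", objectsLeaked(true));
}
```
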