[Webkit-unassigned] [Bug 148769] UI process leaks InjectedBundleInitializationUserData

bugzilla-daemon at webkit.org
Sat Sep 5 01:32:49 PDT 2015


Zan Dobersek <zan at falconsigh.net> changed:

           What    |Removed                     |Added
                 CC|                            |zan at falconsigh.net

--- Comment #1 from Zan Dobersek <zan at falconsigh.net> ---
(In reply to comment #0)
> Meanwhile in the Cocoa code, getInjectedBundleInitializationUserData created
> an ObjCObjectGraph (refcount 1), leaked the ref (refcount remains 1), and
> passed it through toAPI. A WKTypeRef is returned. Refcount remains 1. The
> above are both equivalent. Continuing into cross-platform world:
> The WKTypeRef (refcount 1) returned by
> getInjectedBundleInitializationUserData is passed to toImpl, returns as a
> API::Object (refcount 1). The function returns a PassRefPtr<API::Object>.
> Since the constructor of the PassRefPtr doesn't modify the refcount, it's
> still 1.

The pointer isn't adopted, so the PassRefPtr constructor does increment the refcount to 2.

> WebProcessPool::createNewWebProcess receives the PassRefPtr<API::Object> and
> stores it in a RefPtr<API::Object> using operator=. Refcount is still 1. At
> the end of the function, it will leave scope and be decremented.

The PassRefPtr object is moved into the RefPtr, which doesn't change the refcount of the wrapped object -- still 2.

Adopting the pointer into the PassRefPtr in WebContextInjectedBundleClient::getInjectedBundleInitializationUserData() would probably fix the leak.
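
The refcount sequence discussed in this thread, as an added example that is not part of the original message and is not WebKit's code. It is a simplified model: `Object`, `Ptr`, `Trace` and `run` are hypothetical names, with `Ptr` standing in for both PassRefPtr and RefPtr, and it compares a non-adopting wrap with an adopting wrap of a pointer that already carries one leaked reference.

```cpp
#include <cstdio>
#include <utility>

// Simplified model of intrusive refcounting; not WebKit's WTF classes.
struct Object {
    int refCount = 1;                 // a new object starts with one reference
    bool* destroyed;                  // set when the last reference is dropped
    explicit Object(bool* flag) : destroyed(flag) {}
    void ref() { ++refCount; }
    void deref() { if (--refCount == 0) { *destroyed = true; delete this; } }
};

// Hypothetical smart pointer standing in for both PassRefPtr and RefPtr.
class Ptr {
public:
    enum AdoptTag { Adopt };
    explicit Ptr(Object* o) : m_ptr(o) { if (m_ptr) m_ptr->ref(); }   // takes its own reference
    Ptr(Object* o, AdoptTag) : m_ptr(o) {}                            // takes over the caller's reference
    Ptr(Ptr&& other) : m_ptr(other.m_ptr) { other.m_ptr = nullptr; }  // move: count unchanged
    Ptr(const Ptr&) = delete;
    ~Ptr() { if (m_ptr) m_ptr->deref(); }
private:
    Object* m_ptr;
};

struct Trace { int afterWrap; int afterMove; int leftover; };

// Raw pointer holding a leaked reference -> wrapped -> moved into a holder
// -> holder leaves scope. leftover > 0 means the object was never destroyed.
Trace run(bool adopt) {
    bool destroyed = false;
    Object* raw = new Object(&destroyed);   // leaked reference, count 1
    Trace t{};
    {
        Ptr pass = adopt ? Ptr(raw, Ptr::Adopt) : Ptr(raw);
        t.afterWrap = raw->refCount;
        Ptr holder(std::move(pass));
        t.afterMove = raw->refCount;
    }                                       // holder destroyed: one deref
    t.leftover = destroyed ? 0 : raw->refCount;
    if (!destroyed) raw->deref();           // drop the stranded reference so the demo itself is clean
    return t;
}

int main() {
    for (bool adopt : {false, true}) {
        Trace t = run(adopt);
        std::printf("adopt=%d wrap=%d move=%d leftover=%d\n", adopt, t.afterWrap, t.afterMove, t.leftover);
    }
}
```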
