[Webkit-unassigned] [Bug 162695] New: StringView should not delete the StringImpl it is viewing.
bugzilla-daemon at webkit.org
Wed Sep 28 11:27:37 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=162695
Bug ID: 162695
Summary: StringView should not delete the StringImpl it is viewing.
Classification: Unclassified
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Web Template Framework
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mark.lam at apple.com
Currently, StringView uses an UnderlyingString that starts with a refCount of 1 independent of how many references to the underlying StringImpl exist. In the StringView destructor, it then decrements its UnderlyingString refCount, and if that refCount is now 0, it proceeds to delete the referenced StringImpl even if the StringImpl's refCount is non-zero. As a result, this prematurely frees the StringImpl that other code is still expecting to be alive.
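The lifetime mismatch described in the report, as a simplified model added here (not WebKit's code and not the project's fix): `Impl`, `ViewRecord`, `releaseBuggy`, `releaseNonOwning` and `danglingOwnerRefs` are hypothetical names. The model never touches the freed object; it only counts owner references left pointing at it.

```cpp
#include <cstdio>

// Simplified model of the report; every name here is hypothetical.
static int g_liveImpls = 0;   // Impl objects constructed and not yet destroyed

struct Impl {                 // stands in for the ref-counted string
    int refCount = 1;         // the creating owner holds the first reference
    Impl() { ++g_liveImpls; }
    ~Impl() { --g_liveImpls; }
};

struct ViewRecord {           // stands in for the view's side record
    int refCount = 1;         // starts at 1 regardless of impl->refCount
    Impl* impl;
    explicit ViewRecord(Impl* i) : impl(i) {}
};

// Pattern from the report: when the record's own count reaches 0, the viewed
// object is deleted without consulting the object's refCount.
void releaseBuggy(ViewRecord* r) {
    if (--r->refCount == 0) {
        delete r->impl;
        delete r;
    }
}

// Non-owning pattern: the view frees only its own bookkeeping record.
void releaseNonOwning(ViewRecord* r) {
    if (--r->refCount == 0)
        delete r;
}

// Returns how many owner references point at a destroyed Impl after the view
// has been released. Anything above 0 is a use-after-free waiting to happen.
int danglingOwnerRefs(bool buggy) {
    Impl* impl = new Impl;             // owner's reference, refCount == 1
    int ownerRefs = impl->refCount;    // read before the view can free it
    ViewRecord* view = new ViewRecord(impl);
    if (buggy) releaseBuggy(view); else releaseNonOwning(view);
    bool destroyed = (g_liveImpls == 0);
    if (!destroyed && --impl->refCount == 0)
        delete impl;                   // owner drops its reference normally
    return destroyed ? ownerRefs : 0;
}

int main() {
    std::printf("buggy: %d dangling owner ref(s)\n", danglingOwnerRefs(true));
    std::printf("non-owning: %d dangling owner ref(s)\n", danglingOwnerRefs(false));
}
```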