[Webkit-unassigned] [Bug 175064] New: CFString leak dragging an image - allocation under PlatformPasteboard::writeObjectRepresentations

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 1 20:51:23 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=175064

            Bug ID: 175064
           Summary: CFString leak dragging an image - allocation under
                    PlatformPasteboard::writeObjectRepresentations
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: joepeck at webkit.org
                CC: thorton at apple.com, wenson_hsieh at apple.com

Leak seen in an iOS application dragging an image.

Leak: 0x1393de630  size=64  zone: WebKit Using System Malloc_0x10315c000
        0x39372260 0x00000001 0xc0192550 0x00000001     `"79....P%......
        0x00000000 0x00000000 0xb58c2f31 0x000001a1     ........1/......
        0x00000740 0x00000001 0x39372274 0x00000001     @.......t"79....
        0x0000009a 0x00000000 0x00000000 0x00000000     ................
        Call stack: [thread 0x1b58beb40]: 
        | 0x0 
        | start 
        | 0x102772080 
        | UIApplicationMain 
        ...
        | -[WebView(WebPrivate) _requestStartDataInteraction:globalPosition:] 
        | WebCore::EventHandler::tryToBeginDataInteractionAtPoint(WebCore::IntPoint const&, WebCore::IntPoint const&) 
        | WebCore::EventHandler::handleMouseDraggedEvent(WebCore::MouseEventWithHitTestResults const&, WebCore::CheckDragHysteresis) 
        | WebCore::EventHandler::handleDrag(WebCore::MouseEventWithHitTestResults const&, WebCore::CheckDragHysteresis) 
        | WebCore::DragController::startDrag(WebCore::Frame&, WebCore::DragState const&, WebCore::DragOperation, WebCore::PlatformMouseEvent const&, WebCore::IntPoint const&) 
        | WebDragClient::declareAndWriteDragImage(WTF::String const&, WebCore::Element&, WebCore::URL const&, WTF::String const&, WebCore::Frame*) 
        | WebCore::Editor::writeImageToPasteboard(WebCore::Pasteboard&, WebCore::Element&, WebCore::URL const&, WTF::String const&) 
        | non-virtual thunk to WebPlatformStrategies::writeToPasteboard(WebCore::PasteboardImage const&, WTF::String const&) 
        | WebCore::PlatformPasteboard::writeObjectRepresentations(WebCore::PasteboardImage const&) 
        | WTF::StringImpl::operator NSString*() 
        | WTF::StringImpl::createCFString() 
        | CFStringCreateWithBytesNoCopy 
        | __CFStringCreateImmutableFunnel3 
        | _CFRuntimeCreateInstance 
        | WTF::StringWrapperCFAllocator::allocate(long, unsigned long, void*) 
        | WTF::fastMalloc(unsigned long) 
        | bmalloc::DebugHeap::malloc(unsigned long) 
        | malloc_zone_malloc 

There are only a few WTF::String -> NSString conversions in this function. Notably:

>       auto utiOrMIMEType = pasteboardImage.resourceMIMEType.createCFString();
>       if (!UTTypeIsDeclared(utiOrMIMEType.get()))
>           utiOrMIMEType = UTTypeCreatePreferredIdentifierForTag(kUTTagClassMIMEType, utiOrMIMEType.get(), nil);

In the first assignment the type is RetainPtr and should be fine.
In the second assignment it looks like an extra +1. We should adopt a Created value into a RetainPtr.

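The ownership imbalance the report describes, as a self-contained C++ model added here (not WebKit's or the reporter's code). `ToyObject`, `ToyRetainPtr` and `ToyRetainPtr::adopt` are hypothetical stand-ins for a CF object, `RetainPtr` and `adoptCF`, under the assumption that assigning a raw pointer to the smart pointer retains it.

```cpp
// Toy model, constructed for illustration; not WebKit or CoreFoundation code.
#include <cstdio>
#include <utility>
static int liveObjects = 0;            // objects currently allocated
struct ToyObject {
    int refCount = 1;                  // a "Create" function returns at +1
    ToyObject() { ++liveObjects; }
    ~ToyObject() { --liveObjects; }
};
ToyObject* toyCreate() { return new ToyObject; }
void toyRetain(ToyObject* o) { if (o) ++o->refCount; }
void toyRelease(ToyObject* o) { if (o && --o->refCount == 0) delete o; }
class ToyRetainPtr {
public:
    ToyRetainPtr() = default;
    ToyRetainPtr(ToyRetainPtr&& o) : m_ptr(o.m_ptr) { o.m_ptr = nullptr; }
    ~ToyRetainPtr() { toyRelease(m_ptr); }
    // Take over an existing +1 without retaining (the role adoptCF plays).
    static ToyRetainPtr adopt(ToyObject* raw) { ToyRetainPtr p; p.m_ptr = raw; return p; }
    ToyRetainPtr& operator=(ToyRetainPtr o) { std::swap(m_ptr, o.m_ptr); return *this; }
    // Assigning a raw pointer retains it: balanced only for borrowed (+0) values.
    ToyRetainPtr& operator=(ToyObject* raw) {
        toyRetain(raw); toyRelease(m_ptr); m_ptr = raw; return *this;
    }
private:
    ToyObject* m_ptr = nullptr;
};

// Pattern from the report: a +1 "Create" result assigned straight to the smart pointer.
int leakedAfterPlainAssignment() {
    int before = liveObjects;
    {
        ToyRetainPtr type = ToyRetainPtr::adopt(toyCreate());
        type = toyCreate();            // retained again: refCount is now 2
    }                                  // one release on scope exit: refCount stays at 1
    return liveObjects - before;
}
// Adopting the +1 value first keeps retains and releases balanced.
int leakedAfterAdopt() {
    int before = liveObjects;
    {
        ToyRetainPtr type = ToyRetainPtr::adopt(toyCreate());
        type = ToyRetainPtr::adopt(toyCreate());
    }
    return liveObjects - before;
}
int main() {
    std::printf("plain: %d leaked, adopt: %d leaked\n", leakedAfterPlainAssignment(), leakedAfterAdopt());
}
```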