[Webkit-unassigned] [Bug 195574] New: [GLib] Returning G_TYPE_OBJECT from a constructor does not work

Mon Mar 11 15:00:12 PDT 2019

https://bugs.webkit.org/show_bug.cgi?id=195574

            Bug ID: 195574
           Summary: [GLib] Returning G_TYPE_OBJECT from a constructor does
                    not work
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: meo at certi.org.br
                CC: aperez at igalia.com

Created attachment 364290

  --> https://bugs.webkit.org/attachment.cgi?id=364290&action=review

jscobj.c: Example code to reproduce the issue

Found a problem similar to bug 195206

When a method is installed with jsc_class_add_method(), and the
return type is specified as G_TYPE_OBJECT, the reference count of
the returned object is decreased, which may delete the object.

I made an example based on the one Adrian attached to the bug
mentioned above:

This example adds an 'id' function to the JS object, which returns
a reference to itself. After it is called, the object is deleted
and the call to getPath fails.

Tested on WebKit version 2.23.92

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190311/886e3cab/attachment.html>