[Webkit-unassigned] [Bug 201803] New: Leak of NSMapTable in -[JSVirtualMachine addManagedReference:withOwner:]

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Sep 15 06:11:07 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=201803

            Bug ID: 201803
           Summary: Leak of NSMapTable in -[JSVirtualMachine
                    addManagedReference:withOwner:]
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ddkilzer at webkit.org
                CC: darin at apple.com, mitz at webkit.org,
                    webkit-bug-importer at group.apple.com

-[JSVirtualMachine addManagedReference:withOwner:] leaks an NSMapTable every time a new one is created.

- (void)addManagedReference:(id)object withOwner:(id)owner
{
    [...]
    NSMapTable *ownedObjects = [m_externalObjectGraph objectForKey:owner];  // ownedObjects is retained by m_externalObjectGraph.
    if (!ownedObjects) {
        NSPointerFunctionsOptions weakIDOptions = NSPointerFunctionsWeakMemory | NSPointerFunctionsObjectPersonality;
        NSPointerFunctionsOptions integerOptions = NSPointerFunctionsOpaqueMemory | NSPointerFunctionsIntegerPersonality;
        ownedObjects = [[NSMapTable alloc] initWithKeyOptions:weakIDOptions valueOptions:integerOptions capacity:1];  // ownedObjects is +1 retained by -alloc.

        [m_externalObjectGraph setObject:ownedObjects forKey:owner]; // ownedObjects is +2 retained by m_externalObjectGraph.
    }

    size_t count = reinterpret_cast<size_t>(NSMapGet(ownedObjects, (__bridge void*)object));
    NSMapInsert(ownedObjects, (__bridge void*)object, reinterpret_cast<void*>(count + 1));
    // FIXME: When `ownedObjects` is created, it leaks one reference count from -alloc when returning from this method.
}

<https://trac.webkit.org/browser/webkit/trunk/Source/JavaScriptCore/API/JSVirtualMachine.mm#L167>

Caused by:

Bug 186973: [Cocoa] Improve ARC compatibility of more code in JavaScriptCore
<https://bugs.webkit.org/show_bug.cgi?id=186973>

-- 
You are receiving this mail because:
You are the assignee for the bug.
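
The ownership imbalance described in the report, as an added example that is not part of the original message or WebKit's code: a plain-C model of retain counts in which each newly created table stays referenced after its entry is removed, unless the creator gives up the reference it received from allocation. The names Obj, Slot, get_or_create and leaked_tables are hypothetical, and the balance flag stands in for whatever fix is chosen.

```c
#include <stdio.h>

/* Model of manual retain/release: refs == 0 means the object was deallocated. */
typedef struct { int refs; } Obj;
typedef struct { Obj *value; } Slot;   /* stands in for one m_externalObjectGraph entry */

static Obj *obj_alloc(Obj *storage) { storage->refs = 1; return storage; } /* +1, like -alloc */
static void obj_release(Obj *o) { if (o->refs > 0) o->refs--; }

/* Like -setObject:forKey:, the container takes its own reference. */
static void slot_set(Slot *s, Obj *o) { o->refs++; s->value = o; }
static void slot_clear(Slot *s) { if (s->value) obj_release(s->value); s->value = NULL; }

/* Create-if-missing, as in the report. balance != 0 gives up the +1 from alloc. */
static Obj *get_or_create(Slot *s, Obj *storage, int balance) {
    Obj *owned = s->value;
    if (!owned) {
        owned = obj_alloc(storage);   /* refs == 1 */
        slot_set(s, owned);           /* refs == 2 */
        if (balance)
            obj_release(owned);       /* refs == 1, held only by the slot */
    }
    return owned;                     /* borrowed; the slot keeps it alive */
}

/* Number of tables still referenced after every owner's entry is removed. */
int leaked_tables(int owners, int balance) {
    Obj storage[16] = {{0}};
    Slot slots[16] = {{0}};
    int leaked = 0;
    if (owners > 16) owners = 16;
    for (int i = 0; i < owners; i++) {
        get_or_create(&slots[i], &storage[i], balance);   /* first call creates */
        get_or_create(&slots[i], &storage[i], balance);   /* second call reuses */
    }
    for (int i = 0; i < owners; i++) {
        slot_clear(&slots[i]);
        if (storage[i].refs > 0) leaked++;
    }
    return leaked;
}

int main(void) {
    printf("as reported: %d of 3 leaked\n", leaked_tables(3, 0));
    printf("balanced:    %d of 3 leaked\n", leaked_tables(3, 1));
    return 0;
}
```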