[Webkit-unassigned] [Bug 210643] New: REGRESSION (r162729): [iOS] WebKitTestRunner over-releases UITextField in WTR::PlatformWebView::removeChromeInputField()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 17 02:32:00 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=210643
Bug ID: 210643
Summary: REGRESSION (r162729): [iOS] WebKitTestRunner
over-releases UITextField in
WTR::PlatformWebView::removeChromeInputField()
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Tools / Tests
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ddkilzer at webkit.org
CC: ap at webkit.org, simon.fraser at apple.com,
wenson_hsieh at apple.com
Depends on: 127448
WebKitTestRunner over-releases UITextField in WTR::PlatformWebView::removeChromeInputField()
This regressed in r162729 for Bug 127448: <https://trac.webkit.org/r162729>
Briefly fixed by r189228 for Bug 189228 before that commit was reverted in r235832 for Bug 189464.
Found by clang static analyzer.
void PlatformWebView::addChromeInputField()
{
UITextField* textField = [[UITextField alloc] initWithFrame:CGRectMake(0, 0, 100, 20)];
textField.tag = 1;
[m_window addSubview:textField];
[textField release];
}
void PlatformWebView::removeChromeInputField()
{
UITextField* textField = (UITextField*)[m_window viewWithTag:1];
if (textField) {
[textField removeFromSuperview];
makeWebViewFirstResponder();
[textField release]; // Over-release.
}
}
NOTE: This may be the cause of some of the autoreleasePool crashes in WebKitTestRunner that we see occasionally.
Referenced Bugs:
https://bugs.webkit.org/show_bug.cgi?id=127448
[Bug 127448] Make WebKitTestRunner work with iOS
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200417/c3a6cb0e/attachment.htm>
More information about the webkit-unassigned
mailing list