<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body><span class="vcard"><a class="email" href="mailto:zan&#64;falconsigh.net" title="Zan Dobersek &lt;zan&#64;falconsigh.net&gt;"> <span class="fn">Zan Dobersek</span></a>

</span> changed

              <a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - UI process leaks InjectedBundleInitializationUserData"

   href="https://bugs.webkit.org/show_bug.cgi?id=148769">bug 148769</a>

        <br>

             <table border="1" cellspacing="0" cellpadding="8">

          <tr>

            <th>What</th>

            <th>Removed</th>

            <th>Added</th>

          </tr>

         <tr>

           <td style="text-align:right;">CC</td>

           <td>

               &nbsp;

           </td>

           <td>zan&#64;falconsigh.net

           </td>

         </tr></table>

      <p>

        <div>

            <b><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - UI process leaks InjectedBundleInitializationUserData"

   href="https://bugs.webkit.org/show_bug.cgi?id=148769#c1">Comment # 1</a>

              on <a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - UI process leaks InjectedBundleInitializationUserData"

   href="https://bugs.webkit.org/show_bug.cgi?id=148769">bug 148769</a>

              from <span class="vcard"><a class="email" href="mailto:zan&#64;falconsigh.net" title="Zan Dobersek &lt;zan&#64;falconsigh.net&gt;"> <span class="fn">Zan Dobersek</span></a>

</span></b>

        <pre>(In reply to <a href="show_bug.cgi?id=148769#c0">comment #0</a>)

<span class="quote">&gt; 

&gt; Meanwhile in the Cocoa code, getInjectedBundleInitializationUserData created

&gt; an ObjCObjectGraph (refcount 1), leaked the ref (refcount remains 1), and

&gt; passed it through toAPI. A WKTypeRef is returned. Refcount remains 1. The

&gt; above are both equivalent. Continuing into cross-platform world:

&gt; 

&gt; The WKTypeRef (refcount 1) returned by

&gt; getInjectedBundleInitializationUserData is passed to toImpl, returns as a

&gt; API::Object (refcount 1). The function returns a PassRefPtr&lt;API::Object&gt;.

&gt; Since the constructor of the PassRefPtr doesn't modify the refcount, it's

&gt; still 1.

&gt; </span >

The pointer isn't adopted, so the PassRefPtr constructor does increment the refcount to 2.

<span class="quote">&gt; WebProcessPool::createNewWebProcess receives the PassRefPtr&lt;API::Object&gt; and

&gt; stores it in a RefPtr&lt;API::Object&gt; using operator=. Refcount is still 1. At

&gt; the end of the function, it will leave scope and be decremented.

&gt; </span >

The PassRefPtr object is moved into the RefPtr, which doesn't change the refcount of the wrapped object -- still 2.

Adopting the pointer into the PassRefPtr in WebContextInjectedBundleClient::getInjectedBundleInitializationUserData() would probably fix the leak.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>