Title: [239755] trunk/Source/_javascript_Core
Revision: 239755
Author: ddkil...@apple.com
Date: 2019-01-08 16:56:35 -0800 (Tue, 08 Jan 2019)

Log Message

Leak of VectorBufferBase.m_buffer (16-64 bytes) under JSC::CompactVariableEnvironment in com.apple.WebKit.WebContent running layout tests
<https://webkit.org/b/193264>
<rdar://problem/46651026>

Reviewed by Yusuke Suzuki.

* parser/VariableEnvironment.cpp:
(JSC::CompactVariableMap::Handle::~Handle): Call delete on
m_environment instead of fastFree() to make sure the destructors
for the Vector instance variables are run.  This fixes the leaks
because calling fastFree() would only free the
CompactVariableEnvironment object, but not the heap-based
buffers allocated for the Vector instance variables.
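The leak the log message describes is easiest to see in miniature: an object whose members own heap buffers is released with a raw free, so the object's own block goes away but the members' destructors never run and their buffers stay allocated. The following is an added example written for this page, not WebKit code; `Environment` and `PoolVector` are hypothetical stand-ins for CompactVariableEnvironment and its Vector members, and the fixed slot pool is a constructed substitute for the real allocator so the "leak" shows up as a slot still marked in use rather than as actual lost memory.

```cpp
#include <cstddef>
#include <new>

// Constructed: a tiny fixed pool standing in for the heap allocator behind
// Vector buffers. A slot still marked in use after teardown is a leak, which
// is what a leak checker would report.
constexpr size_t kSlots = 8;
constexpr size_t kSlotBytes = 64;
static unsigned char g_pool[kSlots][kSlotBytes];
static bool g_inUse[kSlots];

static void* poolAlloc() {
    for (size_t i = 0; i < kSlots; ++i) {
        if (!g_inUse[i]) {
            g_inUse[i] = true;
            return g_pool[i];
        }
    }
    return nullptr; // pool exhausted
}

static void poolFree(void* p) {
    for (size_t i = 0; i < kSlots; ++i) {
        if (g_pool[i] == p)
            g_inUse[i] = false;
    }
}

static void resetPool() {
    for (size_t i = 0; i < kSlots; ++i)
        g_inUse[i] = false;
}

// Number of buffers still allocated; nonzero after teardown means a leak.
int liveBuffers() {
    int n = 0;
    for (size_t i = 0; i < kSlots; ++i)
        n += g_inUse[i] ? 1 : 0;
    return n;
}

// Hypothetical stand-in for a WTF::Vector member: the heap buffer it owns is
// only released by its destructor.
class PoolVector {
public:
    PoolVector() : m_buffer(poolAlloc()) {}
    ~PoolVector() { poolFree(m_buffer); }
    PoolVector(const PoolVector&) = delete;
    PoolVector& operator=(const PoolVector&) = delete;
private:
    void* m_buffer;
};

// Hypothetical stand-in for CompactVariableEnvironment: an object with two
// Vector-like members, each owning a heap buffer.
struct Environment {
    PoolVector variables;
    PoolVector flags;
};

// Before the fix: release the object's own storage without running
// ~Environment. Calling ::operator delete on the raw pointer models
// fastFree(m_environment): the Environment block is freed, but neither
// member destructor runs, so both member buffers stay allocated.
int teardownWithRawFree() {
    resetPool();
    Environment* env = new Environment;
    ::operator delete(env); // storage released, destructor skipped
    return liveBuffers();   // 2: both member buffers leaked
}

// After the fix: delete runs ~Environment, which runs each member's
// destructor, so every buffer is returned before the object block is freed.
int teardownWithDelete() {
    resetPool();
    Environment* env = new Environment;
    delete env;
    return liveBuffers();   // 0: nothing left behind
}
```

The two teardown functions differ only in the release call, which is the whole change in the patch; the pool counter makes the difference observable without a leak checker. The same pairing rule applies in the other direction: `delete` is only the matching release when the object was created with `new`.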

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/parser/VariableEnvironment.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (239754 => 239755)


--- trunk/Source/_javascript_Core/ChangeLog	2019-01-09 00:45:06 UTC (rev 239754)
+++ trunk/Source/_javascript_Core/ChangeLog	2019-01-09 00:56:35 UTC (rev 239755)
@@ -1,3 +1,19 @@
+2019-01-08  David Kilzer  <ddkil...@apple.com>
+
+        Leak of VectorBufferBase.m_buffer (16-64 bytes) under JSC::CompactVariableEnvironment in com.apple.WebKit.WebContent running layout tests
+        <https://webkit.org/b/193264>
+        <rdar://problem/46651026>
+
+        Reviewed by Yusuke Suzuki.
+
+        * parser/VariableEnvironment.cpp:
+        (JSC::CompactVariableMap::Handle::~Handle): Call delete on
+        m_environment instead of fastFree() to make sure the destructors
+        for the Vector instance variables are run.  This fixes the leaks
+        because calling fastFree() would only free the
+        CompactVariableEnvironment object, but not the heap-based
+        buffers allocated for the Vector instance variables.
+
 2019-01-08  Joseph Pecoraro  <pecor...@apple.com>
 
         ASSERT when paused in debugger and console evaluation causes exception
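Review bot: the entry explains why delete replaces fastFree (so the Vector member destructors run) but does not say how m_environment is allocated, which is the fact that makes delete the matching release; one clause such as "m_environment is allocated with new" at the (JSC::CompactVariableMap::Handle::~Handle) line would let a reader confirm the new/delete pairing from the ChangeLog alone. Otherwise the entry is complete: bug link, radar, reviewer and a per-function description.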

Modified: trunk/Source/_javascript_Core/parser/VariableEnvironment.cpp (239754 => 239755)


--- trunk/Source/_javascript_Core/parser/VariableEnvironment.cpp	2019-01-09 00:45:06 UTC (rev 239754)
+++ trunk/Source/_javascript_Core/parser/VariableEnvironment.cpp	2019-01-09 00:56:35 UTC (rev 239755)
@@ -179,7 +179,7 @@
     if (!iter->value) {
         ASSERT(m_environment == &iter->key.environment());
         m_map->m_map.remove(iter);
-        fastFree(m_environment);
+        delete m_environment;
     }
 }
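Review bot: the hunk shows only the release side; replacing fastFree(m_environment) with delete m_environment is correct only if m_environment was created with new (or the class's operator delete already routes to fastFree), so please confirm the allocation site pairs with it, since the old fastFree call hints the object may once have been fastMalloc'd and placement-constructed, and a mismatch there would turn a leak into an invalid free. A one-line comment at the m_environment declaration stating that Handle owns it and releases it with delete would keep the two sides from drifting apart again.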
 
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
