Bug 213165

Summary:

Fix Overrelease in makeFailureSetForAllTextManipulationItems

Product:

WebKit

Reporter:

Richard Houle <rhoule>

Component:

WebKit2

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Critical

CC:

darin, rniwa, webkit-bug-importer, wenson_hsieh

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Proposed fix V1	wenson_hsieh: review+
Proposed Fix V2	none

Richard Houle

Reported 2020-06-13 09:32:18 PDT

The following line of code in Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm: RetainPtr<NSMutableArray> wkFailures = adoptNS([[[NSMutableArray alloc] initWithCapacity:items.count] autorelease]); causes an overrelease when the autorelease pool is drained.

Attachments
Proposed fix V1 (2.06 KB, patch) 2020-06-13 09:38 PDT, Richard Houle	wenson_hsieh: review+	Details Formatted Diff Diff
Proposed Fix V2 (2.10 KB, patch) 2020-06-13 11:44 PDT, Richard Houle	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Richard Houle

Comment 1 2020-06-13 09:38:00 PDT

Created attachment 401838 [details] Proposed fix V1

Wenson Hsieh

Comment 2 2020-06-13 11:12:42 PDT

Comment on attachment 401838 [details] Proposed fix V1 Good catch!

Wenson Hsieh

Comment 3 2020-06-13 11:14:24 PDT

Comment on attachment 401838 [details] Proposed fix V1 View in context: https://bugs.webkit.org/attachment.cgi?id=401838&action=review > Source/WebKit/ChangeLog:3 > + https://bugs.webkit.org/show_bug.cgi?id=213165 The fix looks good to me, but please add the bug title here as well.

Richard Houle

Comment 4 2020-06-13 11:44:40 PDT

Created attachment 401846 [details] Proposed Fix V2

EWS

Comment 5 2020-06-13 12:06:29 PDT

Committed r263004: <https://trac.webkit.org/changeset/263004> All reviewed patches have been landed. Closing bug and clearing flags on attachment 401846 [details].

Radar WebKit Bug Importer

Comment 6 2020-06-13 12:07:16 PDT

<rdar://problem/64331098>

Darin Adler

Comment 7 2020-06-13 14:02:31 PDT

Someone should grep "adopt.+autorelease" across the whole source tree to see if we made the identical mistake in the exact same way elsewhere. I’d do myself if I had source checked out on a readily accessible computer, but that might not happen for a few days.

Richard Houle

Comment 8 2020-06-13 14:03:55 PDT

I did grep the entire tree. This was the only problematic entry.

Darin Adler

Comment 9 2020-06-13 14:05:27 PDT

(In reply to Richard Houle from comment #8) > I did grep the entire tree. Great. Thanks!

Note You need to log in before you can comment on or make changes to this bug.