[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

barraclough at apple.com barraclough at apple.com
Wed Dec 22 11:41:11 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit 35490124684be622f53f52b5fe0e0b74a89cf73a
Author: barraclough at apple.com <barraclough at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Aug 3 21:29:32 2010 +0000

    Change to keep returned pointer from malloc family functions to
    quiet memory leak detect.  The pointer is saved in the new m_allocBase
    member of the ArrayStorage structure.  This fixes the issue found in
    https://bugs.webkit.org/show_bug.cgi?id=43229.
    
    Patch by Michael Saboff <msaboff at apple.com> on 2010-08-03
    Reviewed by Gavin Barraclough.
    
    As part of this change, we use m_allocBase when reallocating and
    freeing the memory associated with ArrayStorage.
    
    * runtime/JSArray.cpp:
    (JSC::JSArray::JSArray):
    (JSC::JSArray::~JSArray):
    (JSC::JSArray::putSlowCase):
    (JSC::JSArray::increaseVectorLength):
    (JSC::JSArray::increaseVectorPrefixLength):
    * runtime/JSArray.h:
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64588 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 148fc3d..f01ef9a 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,23 @@
+2010-08-03  Michael Saboff  <msaboff at apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Change to keep returned pointer from malloc family functions to
+        quiet memory leak detect.  The pointer is saved in the new m_allocBase
+        member of the ArrayStorage structure.  This fixes the issue found in 
+        https://bugs.webkit.org/show_bug.cgi?id=43229.
+
+        As part of this change, we use m_allocBase when reallocating and
+        freeing the memory associated with ArrayStorage.
+
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        (JSC::JSArray::~JSArray):
+        (JSC::JSArray::putSlowCase):
+        (JSC::JSArray::increaseVectorLength):
+        (JSC::JSArray::increaseVectorPrefixLength):
+        * runtime/JSArray.h:
+
 2010-08-03  Geoffrey Garen  <ggaren at apple.com>
 
         Try to fix Windows build: Don't use GCActivityCallbackCF on Windows, since
diff --git a/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj b/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
index 004d2c2..ffd6601 100644
--- a/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
+++ b/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
@@ -2293,7 +2293,14 @@
 			isa = PBXProject;
 			buildConfigurationList = 149C277108902AFE008A9EFC /* Build configuration list for PBXProject "JavaScriptCore" */;
 			compatibilityVersion = "Xcode 2.4";
+			developmentRegion = English;
 			hasScannedForEncodings = 1;
+			knownRegions = (
+				English,
+				Japanese,
+				French,
+				German,
+			);
 			mainGroup = 0867D691FE84028FC02AAC07 /* JavaScriptCore */;
 			productRefGroup = 034768DFFF38A50411DB9C8B /* Products */;
 			projectDirPath = "";
diff --git a/JavaScriptCore/runtime/JSArray.cpp b/JavaScriptCore/runtime/JSArray.cpp
index 99e1a10..8ca6617 100644
--- a/JavaScriptCore/runtime/JSArray.cpp
+++ b/JavaScriptCore/runtime/JSArray.cpp
@@ -132,11 +132,14 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure)
     unsigned initialCapacity = 0;
 
     ArrayStorage* storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
+    storage->m_allocBase = storage;
     m_indexBias = 0;
     setArrayStorage(storage);
     m_vectorLength = initialCapacity;
 
     checkConsistency();
+
+    Heap::heap(this)->reportExtraMemoryCost(storageSize(0));
 }
 
 JSArray::JSArray(NonNullPassRefPtr<Structure> structure, unsigned initialLength, ArrayCreationMode creationMode)
@@ -149,6 +152,7 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure, unsigned initialLength,
         initialCapacity = min(BASE_VECTOR_LEN, MIN_SPARSE_ARRAY_INDEX);
     
     ArrayStorage* storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialCapacity)));
+    storage->m_allocBase = storage;
     storage->m_length = initialLength;
     m_indexBias = 0;
     m_vectorLength = initialCapacity;
@@ -176,7 +180,7 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure, unsigned initialLength,
 
     checkConsistency();
     
-    Heap::heap(this)->reportExtraMemoryCost(initialCapacity * sizeof(JSValue));
+    Heap::heap(this)->reportExtraMemoryCost(storageSize(initialCapacity));
 }
 
 JSArray::JSArray(NonNullPassRefPtr<Structure> structure, const ArgList& list)
@@ -185,6 +189,7 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure, const ArgList& list)
     unsigned initialCapacity = list.size();
 
     ArrayStorage* storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialCapacity)));
+    storage->m_allocBase = storage;
     m_indexBias = 0;
     storage->m_length = initialCapacity;
     m_vectorLength = initialCapacity;
@@ -215,8 +220,7 @@ JSArray::~JSArray()
 
     ArrayStorage* storage = arrayStorage();
     delete storage->m_sparseValueMap;
-    char* realStorage = reinterpret_cast<char*>(storage) - (m_indexBias * sizeof(JSValue));
-    fastFree(realStorage);
+    fastFree(storage->m_allocBase);
 }
 
 bool JSArray::getOwnPropertySlot(ExecState* exec, unsigned i, PropertySlot& slot)
@@ -416,15 +420,15 @@ NEVER_INLINE void JSArray::putSlowCase(ExecState* exec, unsigned i, JSValue valu
         }
     }
 
-    int baseBias = m_indexBias * sizeof(JSValue);
-    char* baseStorage = reinterpret_cast<char*>(storage - baseBias);
+    void* baseStorage = storage->m_allocBase;
     
     if (!tryFastRealloc(baseStorage, storageSize(newVectorLength + m_indexBias)).getValue(baseStorage)) {
         throwOutOfMemoryError(exec);
         return;
     }
 
-    storage = reinterpret_cast<ArrayStorage*>(baseStorage + baseBias);
+    storage = reinterpret_cast<ArrayStorage*>(static_cast<char*>(baseStorage) + m_indexBias * sizeof(JSValue));
+    storage->m_allocBase = baseStorage;
     setArrayStorage(storage);
     
     unsigned vectorLength = m_vectorLength;
@@ -567,13 +571,13 @@ bool JSArray::increaseVectorLength(unsigned newLength)
     ASSERT(newLength > vectorLength);
     ASSERT(newLength <= MAX_STORAGE_VECTOR_INDEX);
     unsigned newVectorLength = getNewVectorLength(newLength);
-    int baseBias = m_indexBias * sizeof(JSValue);
-    char* baseStorage = reinterpret_cast<char*>(storage) - baseBias;
+    void* baseStorage = storage->m_allocBase;
 
     if (!tryFastRealloc(baseStorage, storageSize(newVectorLength + m_indexBias)).getValue(baseStorage))
         return false;
-    
-    storage = reinterpret_cast<ArrayStorage*>(baseStorage + baseBias);
+
+    storage = reinterpret_cast<ArrayStorage*>(static_cast<char*>(baseStorage) + m_indexBias * sizeof(JSValue));
+    storage->m_allocBase = baseStorage;
     setArrayStorage(storage);
 
     JSValue* vector = m_vector;
@@ -599,23 +603,22 @@ bool JSArray::increaseVectorPrefixLength(unsigned newLength)
     ASSERT(newLength > vectorLength);
     ASSERT(newLength <= MAX_STORAGE_VECTOR_INDEX);
     unsigned newVectorLength = getNewVectorLength(newLength);
-    char* baseStorage = reinterpret_cast<char*>(storage) - (m_indexBias * sizeof(JSValue));
-    
-    char* newBaseStorage = reinterpret_cast<char*>(fastMalloc(storageSize(newVectorLength + m_indexBias)));
+
+    void* newBaseStorage = fastMalloc(storageSize(newVectorLength + m_indexBias));
     if (!newBaseStorage)
         return false;
     
     m_indexBias += newVectorLength - newLength;
-    int newStorageOffset = m_indexBias * sizeof(JSValue);
-    
-    newStorage = reinterpret_cast<ArrayStorage*>(newBaseStorage + newStorageOffset);
     
+    newStorage = reinterpret_cast<ArrayStorage*>(static_cast<char*>(newBaseStorage) + m_indexBias * sizeof(JSValue));
+
     memcpy(newStorage, storage, storageSize(0));
     memcpy(&newStorage->m_vector[newLength - m_vectorLength], &storage->m_vector[0], storage->m_length * sizeof(JSValue));
     
+    newStorage->m_allocBase = newBaseStorage;
     m_vectorLength = newLength;
     
-    fastFree(baseStorage);
+    fastFree(storage->m_allocBase);
 
     setArrayStorage(newStorage);
     
diff --git a/JavaScriptCore/runtime/JSArray.h b/JavaScriptCore/runtime/JSArray.h
index a7ce328..d6b9b8b 100644
--- a/JavaScriptCore/runtime/JSArray.h
+++ b/JavaScriptCore/runtime/JSArray.h
@@ -39,6 +39,7 @@ namespace JSC {
         unsigned m_numValuesInVector;
         SparseArrayValueMap* m_sparseValueMap;
         void* subclassData; // A JSArray subclass can use this to fill the vector lazily.
+        void* m_allocBase; // Pointer to base address returned by malloc().  Keeping this pointer does eliminate false positives from the leak detector.
         size_t reportedMapCapacity;
 #if CHECK_ARRAY_CONSISTENCY
         bool m_inCompactInitialization;

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list