[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.20-204-g221d8e8

ggaren at apple.com
Wed Feb 10 22:17:49 UTC 2010


The following commit has been merged in the webkit-1.1 branch:
commit 68b56898325f37824f73f373e57b17207eb8c1bf
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Feb 6 04:25:52 2010 +0000

    Added an ASSERT to catch an implausible but theoretically possible leak.
    
    Reviewed by Dan Bernstein.
    
    In theory, if malloc allocated a UChar buffer directly after a StringImpl,
    the StringImpl might incorrectly assume that the UChar buffer was inline,
    and fail to delete it.
    
    This ASSERT is somewhat academic, since we don't use the same allocator
    in debug builds, but oh well.
    
    * platform/text/StringImpl.cpp:
    (WebCore::StringImpl::StringImpl):
    (WebCore::StringImpl::createUninitialized):
    * platform/text/StringImpl.h: Separated the inline buffer StringImpl
    constructor from the out-of-line buffer StringImpl constructor. Made
    the former ASSERT that its buffer was indeed inline, and the latter ASSERT
    that its buffer was indeed not inline.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@54460 268f45cc-cd09-0410-ab3c-d52691b4dbfc
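The leak the commit message describes, reproduced as an added C++ example (this is not WebKit code): `InferredImpl` decides at destruction whether its buffer is inline by comparing `m_data` with `this + 1`, the same test the new ASSERT relies on, and `FlaggedImpl` is a hypothetical variant that records the decision explicitly instead. The arena layout, type names and release counter are constructed for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>

typedef uint16_t UChar;

// Counts out-of-line buffers the destructor released (stands in for fastFree).
static int g_buffersReleased = 0;

// Stand-in for StringImpl as it stood before this commit: whether the buffer
// is inline is *inferred* from the address of m_data at destruction time.
struct InferredImpl {
    const UChar* m_data;
    unsigned m_length;
    InferredImpl(const UChar* chars, unsigned length) : m_data(chars), m_length(length) {}
    bool bufferIsInternal() const { return m_data == reinterpret_cast<const UChar*>(this + 1); }
    ~InferredImpl() { if (!bufferIsInternal()) ++g_buffersReleased; }
};

// Hypothetical hardened variant (constructed for this example): record
// inline-ness explicitly, so an adjacent heap buffer is still released.
struct FlaggedImpl {
    const UChar* m_data;
    unsigned m_length;
    bool m_inline;
    FlaggedImpl(const UChar* chars, unsigned length) : m_data(chars), m_length(length), m_inline(false) {}
    bool bufferIsInternal() const { return m_inline; }
    ~FlaggedImpl() { if (!m_inline) ++g_buffersReleased; }
};

// Simulates an allocator that, when 'adjacent' is true, hands out the adopted
// UChar buffer directly after the object (the layout the commit message worries
// about). Returns true if the destructor released the adopted buffer.
template <typename Impl>
bool adoptedBufferReleased(bool adjacent) {
    g_buffersReleased = 0;
    alignas(Impl) unsigned char arena[sizeof(Impl) + 8 * sizeof(UChar)];
    UChar separate[8] = {};
    UChar* buffer = adjacent ? reinterpret_cast<UChar*>(arena + sizeof(Impl)) : separate;
    Impl* s = new (arena) Impl(buffer, 8u);
    s->~Impl();
    return g_buffersReleased == 1;
}
```

With `adjacent` true the inferred variant skips the release (the leak), which is exactly the condition the commit's new `ASSERT(!bufferIsInternal())` in the adopting constructor would trip in a debug build.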

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index d98955d..8f20509 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,24 @@
+2010-02-05  Geoffrey Garen  <ggaren at apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Added an ASSERT to catch an implausible but theoretically possible leak.
+        
+        In theory, if malloc allocated a UChar buffer directly after a StringImpl,
+        the StringImpl might incorrecly assume that the UChar buffer was inline,
+        and fail to delete it.
+        
+        This ASSERT is somewhat academic, since we don't use the same allocator
+        in debug builds, but oh well.
+
+        * platform/text/StringImpl.cpp:
+        (WebCore::StringImpl::StringImpl):
+        (WebCore::StringImpl::createUninitialized):
+        * platform/text/StringImpl.h: Separated the inline buffer StringImpl
+        constructor from the out-of-line buffer StringImpl constructor. Made
+        the former ASSERT that its buffer was indeed inline, and the latter ASSERT
+        that its buffer was indeed not inline.
+
 2010-02-05  Chris Marrin  <cmarrin at apple.com>
 
         Reviewed by Simon Fraser.
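Review bot: the new ChangeLog entry carries the typo "incorrecly" in "the StringImpl might incorrecly assume that the UChar buffer was inline"; it should read "incorrectly" (the commit message body repeats the same line).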
diff --git a/WebCore/platform/text/StringImpl.cpp b/WebCore/platform/text/StringImpl.cpp
index 3b61a0b..db6152d 100644
--- a/WebCore/platform/text/StringImpl.cpp
+++ b/WebCore/platform/text/StringImpl.cpp
@@ -97,6 +97,16 @@ inline StringImpl::StringImpl(const UChar* characters, unsigned length)
 {
     ASSERT(characters);
     ASSERT(length);
+    ASSERT(!bufferIsInternal());
+}
+
+inline StringImpl::StringImpl(unsigned length)
+    : m_data(reinterpret_cast<const UChar*>(this + 1))
+    , m_length(length)
+    , m_hash(0)
+{
+    ASSERT(length);
+    ASSERT(bufferIsInternal());
 }
 
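Review bot: ASSERT(!bufferIsInternal()) added to the adopting constructor is the check that actually detects the leak the message describes, but nothing at that line says why an adopted buffer must not sit at this + 1; a one-line comment such as "// A heap buffer placed directly after us would be mistaken for inline and never freed" would carry the intent. By contrast, the ASSERT(bufferIsInternal()) in the new StringImpl(unsigned) constructor runs right after the initializer list has set m_data to this + 1, so if bufferIsInternal() compares m_data against this + 1 it only restates that definition and cannot fail on its own. As the message concedes, both checks are debug-only and the debug allocator differs, so they will not exercise the release-build layout; recording the inline/out-of-line decision in an explicit member at construction, rather than inferring it from the address at destruction, would remove the hazard instead of only asserting on it.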
 StringImpl::~StringImpl()
@@ -927,7 +937,7 @@ PassRefPtr<StringImpl> StringImpl::createUninitialized(unsigned length, UChar*&
     size_t size = sizeof(StringImpl) + length * sizeof(UChar);
     StringImpl* string = static_cast<StringImpl*>(fastMalloc(size));
     data = reinterpret_cast<UChar*>(string + 1);
-    string = new (string) StringImpl(data, length);
+    string = new (string) StringImpl(length);
     return adoptRef(string);
 }
 
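Review bot: the context line "size_t size = sizeof(StringImpl) + length * sizeof(UChar);" has no overflow check before fastMalloc, so on builds where size_t is 32 bits a large enough length wraps and undersizes the allocation that the new StringImpl(length) constructor then assumes holds 'length' UChars; the switch to the inline constructor is right, but this is the place to bound length (or use a checked multiply) before allocating.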
diff --git a/WebCore/platform/text/StringImpl.h b/WebCore/platform/text/StringImpl.h
index f7a9d06..21f936d 100644
--- a/WebCore/platform/text/StringImpl.h
+++ b/WebCore/platform/text/StringImpl.h
@@ -66,9 +66,12 @@ private:
     friend class ThreadGlobalData;
     StringImpl();
     
-    // This adopts the UChar* without copying the buffer.
+    // This constructor adopts the UChar* without copying the buffer.
     StringImpl(const UChar*, unsigned length);
 
+    // This constructor assumes that 'this' was allocated with a UChar buffer of size 'length' at the end.
+    StringImpl(unsigned length);
+
     // For use only by AtomicString's XXXTranslator helpers.
     void setHash(unsigned hash) { ASSERT(!m_hash); m_hash = hash; }
     
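Review bot: the new single-argument constructor "StringImpl(unsigned length);" is not marked explicit, so it introduces an implicit conversion from unsigned to StringImpl (within the class and its friends, since it is private) that the adopting overload did not have; "explicit StringImpl(unsigned length);" avoids accidental use. The comment above it, "a UChar buffer of size 'length' at the end", could be read as bytes; "of 'length' UChars" matches what createUninitialized allocates.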

-- 
WebKit Debian packaging
