JDK-8166017

Memory leak in rt8u112-b01 BridgeUtils.cpp


    • Type: Bug
    • Resolution: Duplicate
    • Priority: P4
    • Affects Version/s: 9, 8u112
    • Component/s: javafx
    • Subcomponent: web
    • CPU: x86_64
    • OS: windows_7

      FULL PRODUCT VERSION :


      A DESCRIPTION OF THE PROBLEM :
      This is a follow-up to my original report - Review ID: JI-9041436.

      In July 2013 a new version of WebKit was merged into the Java FX code base.

      The older version of JSValueMakeString wouldn't make a copy:

      http://hg.openjdk.java.net/openjfx/8u-dev/rt/file/bcd662ba5826/modules/web/src/main/native/Source/JavaScriptCore/API/OpaqueJSString.cpp
      UString OpaqueJSString::ustring() const
      {
          if (this && m_characters)
              return UString(m_characters, m_length);
          return UString();
      }

      http://hg.openjdk.java.net/openjfx/8u-dev/rt/file/bcd662ba5826/modules/web/src/main/native/Source/JavaScriptCore/API/JSValueRef.cpp
      JSValueRef JSValueMakeString(JSContextRef ctx, JSStringRef string)
      {
          ExecState* exec = toJS(ctx);
          APIEntryShim entryShim(exec);

          return toRef(exec, jsString(exec, string->ustring()));
      }

      But the new version of OpaqueJSString makes a copy:

      http://hg.openjdk.java.net/openjfx/8u-dev/rt/file/8cbaf9096cda/modules/web/src/main/native/Source/JavaScriptCore/API/OpaqueJSString.cpp
      String OpaqueJSString::string() const
      {
          if (!this)
              return String();

          // Return a copy of the wrapped string, because the caller may make it an Identifier.
          return m_string.isolatedCopy();
      }

      http://hg.openjdk.java.net/openjfx/8u-dev/rt/file/8cbaf9096cda/modules/web/src/main/native/Source/JavaScriptCore/API/JSValueRef.cpp
      JSValueRef JSValueMakeString(JSContextRef ctx, JSStringRef string)
      {
          if (!ctx) {
              ASSERT_NOT_REACHED();
              return 0;
          }
          ExecState* exec = toJS(ctx);
          APIEntryShim entryShim(exec);

          return toRef(exec, jsString(exec, string->string()));
      }


      In BridgeUtils.cpp - Java_Object_to_JSValue never accommodated the change and now leaks memory.

          if (env->IsInstanceOf(val, clString)) {
              JSStringRef value = asJSStringRef(env, (jstring) val);
              return JSValueMakeString(ctx, value);
          }

      The "value" variable is getting cloned in JSValueMakeString, but it's never released.


      REPRODUCIBILITY :
      This bug can be reproduced always.
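The ownership mismatch described in the report, as an added example that is not part of the report or of the OpenJFX sources: a constructed stand-in for the refcounted JSStringRef contract. JSStringCreateWithUTF8CString and JSStringRelease are the real JavaScriptCore C API names, but their bodies here are a model, and the model JSValueMakeString returns the copied length instead of a JSValueRef so the leaked references can be counted.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for JavaScriptCore's refcounted OpaqueJSString.
   Names follow the real C API; the bodies are a model for this example. */
typedef struct { int refcount; char *chars; } OpaqueJSString;
typedef OpaqueJSString *JSStringRef;

static int live_strings = 0; /* outstanding OpaqueJSString allocations */

static char *dup_cstring(const char *s) {
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    memcpy(copy, s, n);
    return copy;
}

/* Plays the role of asJSStringRef(): the caller receives a +1 reference
   and owns it until it calls JSStringRelease. */
static JSStringRef JSStringCreateWithUTF8CString(const char *s) {
    JSStringRef str = malloc(sizeof *str);
    str->refcount = 1;
    str->chars = dup_cstring(s);
    live_strings++;
    return str;
}
static void JSStringRelease(JSStringRef str) {
    if (--str->refcount == 0) { free(str->chars); free(str); live_strings--; }
}

/* Post-merge behaviour: the engine takes its own copy (isolatedCopy) and does
   NOT consume the caller's reference. The copy stands in for the GC-owned
   JSString and is freed here; only its length is returned. */
static size_t JSValueMakeString(JSStringRef str) {
    char *copy = dup_cstring(str->chars);
    size_t n = strlen(copy);
    free(copy);
    return n;
}

/* Pattern from the report: `value` is created but never released. */
size_t java_string_to_jsvalue_leaky(const char *java_string) {
    JSStringRef value = JSStringCreateWithUTF8CString(java_string);
    return JSValueMakeString(value); /* leaks one OpaqueJSString per call */
}

/* Corrected pattern: release the reference once the engine holds its copy. */
size_t java_string_to_jsvalue_fixed(const char *java_string) {
    JSStringRef value = JSStringCreateWithUTF8CString(java_string);
    size_t n = JSValueMakeString(value);
    JSStringRelease(value);
    return n;
}

int outstanding_strings(void) { return live_strings; }
```

Calling the leaky conversion raises the outstanding count by one each time, while the fixed conversion leaves it unchanged.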

            mbilla Murali Billa
            webbuggrp Webbug Group