REGRESSION(r117861): It made almost all tests crash on Qt

https://bugs.webkit.org/show_bug.cgi?id=87082

Patch by Filip Pizlo <fpizlo@apple.com> on 2012-05-22
Reviewed by Csaba Osztrogonác.

Using OwnArrayPtr is a bad idea if you allocate array with fastCalloc.

* wtf/FastBitVector.h:
(WTF::FastBitVector::FastBitVector):
(WTF::FastBitVector::~FastBitVector):
(FastBitVector):
(WTF::FastBitVector::operator=):
(WTF::FastBitVector::resize):
(WTF::FastBitVector::setAll):
(WTF::FastBitVector::clearAll):
(WTF::FastBitVector::set):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog
index cbd5d95..193a055 100644 (file)
--- a/Source/WTF/ChangeLog
+++ b/Source/WTF/ChangeLog
@@ -1,3 +1,22 @@
+2012-05-22  Filip Pizlo  <fpizlo@apple.com>
+
+        REGRESSION(r117861): It made almost all tests crash on Qt
+        https://bugs.webkit.org/show_bug.cgi?id=87082
+
+        Reviewed by Csaba Osztrogonác.
+        
+        Using OwnArrayPtr is a bad idea if you allocate array with fastCalloc.
+
+        * wtf/FastBitVector.h:
+        (WTF::FastBitVector::FastBitVector):
+        (WTF::FastBitVector::~FastBitVector):
+        (FastBitVector):
+        (WTF::FastBitVector::operator=):
+        (WTF::FastBitVector::resize):
+        (WTF::FastBitVector::setAll):
+        (WTF::FastBitVector::clearAll):
+        (WTF::FastBitVector::set):
+
 2012-05-21  Filip Pizlo  <fpizlo@apple.com>
 
         DFG should be able to compute dominators

diff --git a/Source/WTF/wtf/FastBitVector.h b/Source/WTF/wtf/FastBitVector.h
index 49aa52d..97f9adf 100644 (file)
--- a/Source/WTF/wtf/FastBitVector.h
+++ b/Source/WTF/wtf/FastBitVector.h
@@ -35,20 +35,32 @@ namespace WTF {
 
 class FastBitVector {
 public:
-    FastBitVector() : m_numBits(0) { }
+    FastBitVector()
+        : m_array(0)
+        , m_numBits(0)
+    {
+    }
     
     FastBitVector(const FastBitVector& other)
-        : m_numBits(0)
+        : m_array(0)
+        , m_numBits(0)
     {
         *this = other;
     }
     
+    ~FastBitVector()
+    {
+        if (m_array)
+            fastFree(m_array);
+    }
+    
     FastBitVector& operator=(const FastBitVector& other)
     {
         size_t length = other.arrayLength();
-        PassOwnArrayPtr<uint32_t> newArray = adoptArrayPtr(
-            static_cast<uint32_t*>(fastCalloc(length, 4)));
-        memcpy(newArray.get(), other.m_array.get(), length * 4);
+        uint32_t* newArray = static_cast<uint32_t*>(fastCalloc(length, 4));
+        memcpy(newArray, other.m_array, length * 4);
+        if (m_array)
+            fastFree(m_array);
         m_array = newArray;
         m_numBits = other.m_numBits;
         return *this;
@@ -62,27 +74,28 @@ public:
         // use case for this method to be initializing the size of the bitvector.
         
         size_t newLength = (numBits + 31) >> 5;
-        PassOwnArrayPtr<uint32_t> newArray = adoptArrayPtr(
-            static_cast<uint32_t*>(fastCalloc(newLength, 4)));
-        memcpy(newArray.get(), m_array.get(), arrayLength() * 4);
+        uint32_t* newArray = static_cast<uint32_t*>(fastCalloc(newLength, 4));
+        memcpy(newArray, m_array, arrayLength() * 4);
+        if (m_array)
+            fastFree(m_array);
         m_array = newArray;
         m_numBits = numBits;
     }
     
     void setAll()
     {
-        memset(m_array.get(), 255, arrayLength() * 4);
+        memset(m_array, 255, arrayLength() * 4);
     }
     
     void clearAll()
     {
-        memset(m_array.get(), 0, arrayLength() * 4);
+        memset(m_array, 0, arrayLength() * 4);
     }
     
     void set(const FastBitVector& other)
     {
         ASSERT(m_numBits == other.m_numBits);
-        memcpy(m_array.get(), other.m_array.get(), arrayLength() * 4);
+        memcpy(m_array, other.m_array, arrayLength() * 4);
     }
     
     bool setAndCheck(const FastBitVector& other)
@@ -159,7 +172,7 @@ public:
 private:
     size_t arrayLength() const { return (m_numBits + 31) >> 5; }
     
-    OwnArrayPtr<uint32_t> m_array;
+    uint32_t* m_array; // No, this can't be an OwnArrayPtr.
     size_t m_numBits;
 };