I was about to submit my app for review when I discovered that an input element of type range in my UIWebView leaks 12 bytes when it is added to the document. There are no subsequent leaks, not even when the slider is used.
I would appreciate any advice on how to proceed with the submission. Should I worry about a mere 12 bytes? Should I find a way around the problem, say, by not using this element at all? Or should I document the leak for the reviewers (under the Review Notes rubric)?
The leak can be reproduced with a minimal UIWebView app:
#import "TjaViewController.h"

@interface TjaViewController ()
@property (weak, nonatomic) IBOutlet UIWebView *webView;
@end

@implementation TjaViewController

- (void)viewDidLoad
{
    [super viewDidLoad];
    // A document containing nothing but a range input is enough to trigger the leak report.
    [self.webView loadHTMLString:@"<input type='range'>" baseURL:nil];
}

@end
Profiling the app with Instruments produces a leak with the following properties:
Category: Malloc 12 Bytes
Retain Count: 1
Responsible Library: JavaScriptCore
Responsible Caller: WTF::fastMalloc(unsigned long)
Stack Trace:
32 libsystem_pthread.dylib thread_start
31 libsystem_pthread.dylib _pthread_start
30 libsystem_pthread.dylib _pthread_body
29 WebCore RunWebThread(void*)
28 CoreFoundation CFRunLoopRunInMode
27 CoreFoundation CFRunLoopRunSpecific
26 CoreFoundation __CFRunLoopRun
25 CoreFoundation __CFRunLoopDoSources0
24 CoreFoundation __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
23 WebCore HandleRunSource
22 WebCore ___ZN7WebCoreL26applicationDidBecomeActiveEP22__CFNotificationCenterPvPK10__CFStringPKvPK14__CFDictionary_block_invoke
21 WebCore WebCore::ThreadTimers::sharedTimerFiredInternal()
20 WebCore WebCore::DocumentLoader::handleSubstituteDataLoadNow(WebCore::Timer<WebCore::DocumentLoader>*)
19 WebCore WebCore::DocumentLoader::responseReceived(WebCore::CachedResource*, WebCore::ResourceResponse const&)
18 WebCore WebCore::DocumentLoader::continueAfterContentPolicy(WebCore::PolicyAction)
17 WebCore WebCore::DocumentLoader::dataReceived(WebCore::CachedResource*, char const*, int)
16 WebCore WebCore::DocumentLoader::commitLoad(char const*, int)
15 WebKit WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int)
14 WebKit -[WebDataSource(WebInternal) _receivedData:]
13 WebKit -[WebHTMLRepresentation receivedData:withDataSource:]
12 WebCore WebCore::DocumentLoader::commitData(char const*, unsigned long)
11 WebCore WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter*, char const*, unsigned long)
10 WebCore WebCore::HTMLDocumentParser::append(WTF::PassRefPtr<WTF::StringImpl>)
9 WebCore WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
8 WebCore WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLToken&)
7 WebCore WebCore::HTMLConstructionSite::executeQueuedTasks()
6 WebCore WebCore::executeTask(WebCore::HTMLConstructionSiteTask&)
5 WebCore WebCore::insert(WebCore::HTMLConstructionSiteTask&, bool)
4 WebCore WebCore::HTMLInputElement::attach(WebCore::Node::AttachContext const&)
3 WebCore WebCore::FeatureObserver::didObserve(WebCore::FeatureObserver::Feature)
2 JavaScriptCore WTF::BitVector::resizeOutOfLine(unsigned long)
1 JavaScriptCore WTF::fastMalloc(unsigned long)
0 JavaScriptCore WTF::MallocHook::recordAllocation(void*, unsigned long)
Answer 0 (score: 3)
I think I figured it out.
It seems to be a leak in libWTF.
Here is the original code from https://github.com/leolannenmaki/JavaScriptCore-iOS:

void BitVector::resizeOutOfLine(size_t numBits)
{
    ASSERT(numBits > maxInlineBits());
    OutOfLineBits* newOutOfLineBits = OutOfLineBits::create(numBits);
    size_t newNumWords = newOutOfLineBits->numWords();
    if (isInline()) {
        // Inline -> out-of-line: the inline payload (tag bit stripped) becomes word 0.
        // Make sure that all of the bits are zero in case we do a no-op resize.
        *newOutOfLineBits->bits() = m_bitsOrPointer & ~(static_cast<uintptr_t>(1) << maxInlineBits());
        memset(newOutOfLineBits->bits() + 1, 0, (newNumWords - 1) * sizeof(void*));
    } else {
        // Out-of-line -> out-of-line: copy the old words, zero any growth, then free the old block.
        if (numBits > size()) {
            size_t oldNumWords = outOfLineBits()->numWords();
            memcpy(newOutOfLineBits->bits(), outOfLineBits()->bits(), oldNumWords * sizeof(void*));
            memset(newOutOfLineBits->bits() + oldNumWords, 0, (newNumWords - oldNumWords) * sizeof(void*));
        } else
            memcpy(newOutOfLineBits->bits(), outOfLineBits()->bits(), newOutOfLineBits->numWords() * sizeof(void*));
        OutOfLineBits::destroy(outOfLineBits());
    }
    // Store the new block's address shifted right by one so the inline tag bit stays clear.
    m_bitsOrPointer = bitwise_cast<uintptr_t>(newOutOfLineBits) >> 1;
}
Apparently, when the code goes into the isInline() branch, newOutOfLineBits is not destroyed.
I tried to replace the system JavaScriptCore.framework at
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk/System/Library/Frameworks/JavaScriptCore.framework
but failed: the system framework is compiled from a dynamic library, and as far as I know Apple forbids compiling dynamic libraries for iOS...
So I think the only option is to report this bug to Apple...
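To make the inline/out-of-line scheme that resizeOutOfLine operates on concrete, here is a reduced stand-alone model with the same control flow as the function quoted in the answer. It is an added example, not WebKit's or the answerer's code: the BitVector and OutOfLineBits names mirror WebKit's, but inlineTag, liveOutOfLineBlocks, Report, exerciseResize and abandonedVectorDelta are this example's own simplifications and bookkeeping (the real class has more operations and allocates through fastMalloc). The counter shows which path allocates and that the block created in resizeOutOfLine is owned by the vector afterwards: it is released either by the next resize or by the vector's destructor, so an out-of-line block stays allocated exactly as long as the BitVector that owns it.

```cpp
// Reduced model of WTF::BitVector storage (added example, not WebKit code).
// One machine word either holds bits inline, tagged by its top bit, or a
// pointer (shifted right by one) to a malloc'd out-of-line block.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <new>

static int liveOutOfLineBlocks = 0;  // example-only: out-of-line blocks currently allocated

class BitVector {
public:
    BitVector() : m_bitsOrPointer(inlineTag()) {}
    ~BitVector() { if (!isInline()) OutOfLineBits::destroy(outOfLineBits()); }
    BitVector(const BitVector&) = delete;
    BitVector& operator=(const BitVector&) = delete;

    static size_t maxInlineBits() { return wordBits() - 1; }
    bool isInline() const { return (m_bitsOrPointer >> maxInlineBits()) != 0; }
    size_t size() const { return isInline() ? maxInlineBits() : outOfLineBits()->numBits(); }
    // Grow-only: only crosses into out-of-line storage when a bit index needs it.
    void ensureSize(size_t numBits) { if (numBits > size()) resizeOutOfLine(numBits); }

    bool get(size_t bit) const {
        if (isInline()) return ((m_bitsOrPointer >> bit) & 1) != 0;  // bit < maxInlineBits()
        return ((outOfLineBits()->bits()[bit / wordBits()] >> (bit % wordBits())) & 1) != 0;
    }
    void set(size_t bit) {
        ensureSize(bit + 1);
        if (isInline()) m_bitsOrPointer |= static_cast<uintptr_t>(1) << bit;
        else outOfLineBits()->bits()[bit / wordBits()] |= static_cast<uintptr_t>(1) << (bit % wordBits());
    }

private:
    static size_t wordBits() { return sizeof(uintptr_t) * 8; }
    static uintptr_t inlineTag() { return static_cast<uintptr_t>(1) << maxInlineBits(); }

    // Header followed by numWords() machine words of bits, allocated as one block.
    struct OutOfLineBits {
        explicit OutOfLineBits(size_t numBits) : m_numBits(numBits) {}
        size_t numBits() const { return m_numBits; }
        size_t numWords() const { return (m_numBits + wordBits() - 1) / wordBits(); }
        uintptr_t* bits() { return reinterpret_cast<uintptr_t*>(this + 1); }
        static OutOfLineBits* create(size_t numBits) {
            size_t words = (numBits + wordBits() - 1) / wordBits();
            void* mem = std::malloc(sizeof(OutOfLineBits) + words * sizeof(uintptr_t));
            if (!mem) throw std::bad_alloc();
            ++liveOutOfLineBlocks;
            return new (mem) OutOfLineBits(numBits);
        }
        static void destroy(OutOfLineBits* p) { --liveOutOfLineBlocks; std::free(p); }
        size_t m_numBits;
    };
    OutOfLineBits* outOfLineBits() const { return reinterpret_cast<OutOfLineBits*>(m_bitsOrPointer << 1); }

    // Same control flow as the WebKit function quoted in the answer.
    void resizeOutOfLine(size_t numBits) {
        OutOfLineBits* newOutOfLineBits = OutOfLineBits::create(numBits);
        size_t newNumWords = newOutOfLineBits->numWords();
        if (isInline()) {
            // Inline -> out-of-line: inline payload (tag stripped) becomes word 0, rest zeroed.
            *newOutOfLineBits->bits() = m_bitsOrPointer & ~inlineTag();
            std::memset(newOutOfLineBits->bits() + 1, 0, (newNumWords - 1) * sizeof(uintptr_t));
        } else {
            // Out-of-line -> out-of-line: copy, zero any growth, free the block being replaced.
            size_t oldNumWords = outOfLineBits()->numWords();
            if (numBits > size()) {
                std::memcpy(newOutOfLineBits->bits(), outOfLineBits()->bits(), oldNumWords * sizeof(uintptr_t));
                std::memset(newOutOfLineBits->bits() + oldNumWords, 0, (newNumWords - oldNumWords) * sizeof(uintptr_t));
            } else {
                std::memcpy(newOutOfLineBits->bits(), outOfLineBits()->bits(), newNumWords * sizeof(uintptr_t));
            }
            OutOfLineBits::destroy(outOfLineBits());
        }
        // The new block is now owned by this vector; stored >> 1 so the tag bit is clear.
        m_bitsOrPointer = reinterpret_cast<uintptr_t>(newOutOfLineBits) >> 1;
    }

    uintptr_t m_bitsOrPointer;
};

struct Report { bool bitsPreserved; int liveWhileAlive; int liveAfterDestruction; };

// Walk all three paths of resizeOutOfLine on a vector that is destroyed normally.
Report exerciseResize() {
    Report r = {false, 0, 0};
    int before = liveOutOfLineBlocks;
    {
        BitVector v;
        v.set(3);    // inline storage, no allocation
        v.set(100);  // inline -> out-of-line: one block created
        v.set(300);  // out-of-line -> larger out-of-line: old block freed, new one created
        r.bitsPreserved = v.get(3) && v.get(100) && v.get(300) && !v.get(4) && !v.get(200);
        r.liveWhileAlive = liveOutOfLineBlocks - before;
    }
    r.liveAfterDestruction = liveOutOfLineBlocks - before;  // destructor returned the block
    return r;
}

// Same growth on a vector that is never destroyed: its single block stays allocated.
int abandonedVectorDelta() {
    int before = liveOutOfLineBlocks;
    BitVector* v = new BitVector;  // deliberately never deleted
    v->set(100);
    return liveOutOfLineBlocks - before;
}

int main() {
    Report r = exerciseResize();
    std::printf("bits preserved: %d, live while alive: %d, live after destruction: %d\n",
                r.bitsPreserved, r.liveWhileAlive, r.liveAfterDestruction);
    std::printf("live after abandoned vector: %d\n", abandonedVectorDelta());
    return 0;
}
```

Running it shows one live block while the vector exists and zero after its destructor runs, while the abandoned vector keeps its single block; whichever object owns the real BitVector (here, the FeatureObserver reached from HTMLInputElement::attach in the trace above) decides when that block is returned.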