Changeset 80155 in webkit


Ignore:
Timestamp:
Mar 2, 2011 11:56:10 AM (12 years ago)
Author:
mihaip@chromium.org
Message:

2011-03-02 Mihai Parparita <mihaip@chromium.org>

Reviewed by Dimitri Glazkov.

Add CRASH() for CSSSelector double frees
https://bugs.webkit.org/show_bug.cgi?id=55596

To help track down bug 53045, add a CRASH call when the CSSSelector
destructor is invoked more than once.

Just a check, no new tests necessary.

  • css/CSSSelector.h: (WebCore::CSSSelector::CSSSelector): (WebCore::CSSSelector::~CSSSelector):
Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebCore/ChangeLog

    r80151 r80155  
     12011-03-02  Mihai Parparita  <mihaip@chromium.org>
     2
     3        Reviewed by Dimitri Glazkov.
     4
     5        Add CRASH() for CSSSelector double frees
     6        https://bugs.webkit.org/show_bug.cgi?id=55596
     7       
     8        To help track down bug 53045, add a CRASH call when the CSSSelector
     9        destructor is invoked more than once.
     10
     11        Just a check, no new tests necessary.
     12
     13        * css/CSSSelector.h:
     14        (WebCore::CSSSelector::CSSSelector):
     15        (WebCore::CSSSelector::~CSSSelector):
     16
    1172011-03-02  Carol Szabo  <carol.szabo@nokia.com>
    218
  • trunk/Source/WebCore/css/CSSSelector.h

    r77954 r80155  
    4444            , m_hasRareData(false)
    4545            , m_isForPage(false)
     46            , m_deleted(false)
    4647            , m_tag(anyQName())
    4748        {
     
    5758            , m_hasRareData(false)
    5859            , m_isForPage(false)
     60            , m_deleted(false)
    5961            , m_tag(qName)
    6062        {
     
    6365        ~CSSSelector()
    6466        {
     67            if (m_deleted)
     68                CRASH();
     69            m_deleted = true;
    6570            if (m_hasRareData)
    6671                delete m_data.m_rareData;
     
    280285        bool m_hasRareData            : 1;
    281286        bool m_isForPage              : 1;
     287        // FIXME: Remove once http://webkit.org/b/53045 is fixed.
     288        bool m_deleted                : 1;
    282289
    283290        unsigned specificityForOneSelector() const;
Note: See TracChangeset for help on using the changeset viewer.