Changeset 38263 in webkit


Ignore:
Timestamp:
Nov 10, 2008, 9:03:36 AM (17 years ago)
Author:
Darin Adler
Message:

2008-11-10 Darin Adler <Darin Adler>

Reviewed by Adam Roben.

  • speculative fix for <rdar://problem/5557243> crashes in Safari at WebCore::HTMLSelectElement::updateListBoxSelection + 280
  • html/HTMLSelectElement.cpp: (WebCore::HTMLSelectElement::updateListBoxSelection): Check index against size of vector before indexing into the vector.
Location:
trunk/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/WebCore/ChangeLog

    r38254 r38263  
     12008-11-10  Darin Adler  <darin@apple.com>
     2
     3        Reviewed by Adam Roben.
     4
     5        - speculative fix for <rdar://problem/5557243> crashes in Safari at
     6          WebCore::HTMLSelectElement::updateListBoxSelection + 280
     7
     8        * html/HTMLSelectElement.cpp:
     9        (WebCore::HTMLSelectElement::updateListBoxSelection):
     10        Check index against size of vector before indexing into the vector.
     11
    1122008-11-10  Tom Cooksey  <thomas.cooksey@trolltech.com>
    213

  • trunk/WebCore/html/HTMLSelectElement.cpp

    r38207 r38263  
    866866                if (i >= start && i <= end)
    867867                    option->setSelectedState(m_activeSelectionState);
    868                 else if (deselectOtherOptions)
     868                else if (deselectOtherOptions || i >= m_cachedStateForActiveSelection.size())
    869869                    option->setSelectedState(false);
    870870                else
Note: See TracChangeset for help on using the changeset viewer.