Changeset 179495 in webkit


Ignore:
Timestamp:
Feb 2, 2015 1:39:14 PM (9 years ago)
Author:
commit-queue@webkit.org
Message:

Memory is written to after deallocated, in GraphicsLayer::setMaskLayer.
https://bugs.webkit.org/show_bug.cgi?id=141168

Patch by peavo@outlook.com <peavo@outlook.com> on 2015-02-02
Reviewed by Brent Fulgham.

Visual Studio detected that a deallocated heap block had been modified in GraphicsLayer::setMaskLayer,
when called from RenderLayerBacking::updateChildClippingStrategy.

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateChildClippingStrategy):

Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebCore/ChangeLog

    r179494 r179495  
     12015-02-02  peavo@outlook.com  <peavo@outlook.com>
     2
     3        Memory is written to after deallocated, in GraphicsLayer::setMaskLayer.
     4        https://bugs.webkit.org/show_bug.cgi?id=141168
     5
     6        Reviewed by Brent Fulgham.
     7
     8        Visual Studio detected that a deallocated heap block had been modified in GraphicsLayer::setMaskLayer,
     9        when called from RenderLayerBacking::updateChildClippingStrategy.
     10
     11        * rendering/RenderLayerBacking.cpp:
     12        (WebCore::RenderLayerBacking::updateChildClippingStrategy):
     13
    1142015-02-02  Andreas Kling  <akling@apple.com>
    215
  • trunk/Source/WebCore/rendering/RenderLayerBacking.cpp

    r179369 r179495  
    14691469    } else {
    14701470        if (m_childClippingMaskLayer) {
    1471             m_childClippingMaskLayer = nullptr;
    14721471            if (hasClippingLayer())
    14731472                clippingLayer()->setMaskLayer(nullptr);
     1473            m_childClippingMaskLayer = nullptr;
    14741474        } else
    14751475            if (hasClippingLayer())
Note: See TracChangeset for help on using the changeset viewer.