Changeset 179495 in webkit
- Timestamp: Feb 2, 2015 1:39:14 PM (9 years ago)
- Location: trunk/Source/WebCore
- Files: 2 edited
trunk/Source/WebCore/ChangeLog
r179494 r179495 1 2015-02-02 peavo@outlook.com <peavo@outlook.com> 2 3 Memory is written to after deallocated, in GraphicsLayer::setMaskLayer. 4 https://bugs.webkit.org/show_bug.cgi?id=141168 5 6 Reviewed by Brent Fulgham. 7 8 Visual Studio detected that a deallocated heap block had been modified in GraphicsLayer::setMaskLayer, 9 when called from RenderLayerBacking::updateChildClippingStrategy. 10 11 * rendering/RenderLayerBacking.cpp: 12 (WebCore::RenderLayerBacking::updateChildClippingStrategy): 13 1 14 2015-02-02 Andreas Kling <akling@apple.com> 2 15 -
trunk/Source/WebCore/rendering/RenderLayerBacking.cpp
r179369 r179495 1469 1469 } else { 1470 1470 if (m_childClippingMaskLayer) { 1471 m_childClippingMaskLayer = nullptr;1472 1471 if (hasClippingLayer()) 1473 1472 clippingLayer()->setMaskLayer(nullptr); 1473 m_childClippingMaskLayer = nullptr; 1474 1474 } else 1475 1475 if (hasClippingLayer())
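Review bot: In trunk/Source/WebCore/rendering/RenderLayerBacking.cpp, the statement order at new lines 1472-1473 is now load-bearing but nothing in the code says so: clippingLayer()->setMaskLayer(nullptr) has to run before m_childClippingMaskLayer = nullptr, and a later cleanup could swap the two back without noticing. Add a one-line comment above the assignment stating that the mask must be detached from the clipping layer before m_childClippingMaskLayer is cleared.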
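Review bot: In trunk/Source/WebCore/ChangeLog, the entry records the symptom (a deallocated heap block modified in GraphicsLayer::setMaskLayer) but not the cause or the fix. Add a sentence saying that m_childClippingMaskLayer was being cleared before the clipping layer's mask was reset and that the two statements are now reordered. The entry lists only RenderLayerBacking.cpp and the problem was found by Visual Studio's heap checking, so also state whether an existing test exercises this path or add one, so the regression is caught on other ports too.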