Changeset 67641 in webkit
- Timestamp:
- Sep 16, 2010 11:06:48 AM (14 years ago)
- Location:
- trunk/WebCore
- Files:
-
- 1 added
- 2 edited
-
ChangeLog (modified) (1 diff)
-
manual-tests/selection-drag-crash.html (added)
-
platform/DragImage.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/WebCore/ChangeLog
r67635 r67641 1 2010-09-16 Daniel Cheng <dcheng@chromium.org> 2 3 Reviewed by Tony Chang. 4 5 Fix incorrect usage of dissolveDragImageToFraction(). 6 https://bugs.webkit.org/show_bug.cgi?id=45835 7 8 createDragImageForSelection() was ignoring the return value of 9 dissolveDragImageToFraction(). This didn't happen to crash on most 10 platforms, since most implementations simply modified the image that was 11 passed in. However, Chromium Mac's implementation actually creates a new 12 image and returns that instead. This caused us to crash when copying the 13 image from the renderer to the browser process, since the memory had 14 already been freed. 15 16 * manual-tests/selection-drag-crash.html: Added. 17 * platform/DragImage.cpp: 18 (WebCore::createDragImageForSelection): 19 1 20 2010-09-16 Sheriff Bot <webkit.review.bot@gmail.com> 2 21 -
trunk/WebCore/platform/DragImage.cpp
r48426 r67641 70 70 DragImageRef image = frame->dragImageForSelection(); 71 71 if (image) 72 dissolveDragImageToFraction(image, DragController::DragImageAlpha);72 image = dissolveDragImageToFraction(image, DragController::DragImageAlpha); 73 73 return image; 74 74 }
Note: See TracChangeset
for help on using the changeset viewer.
