[webkit-dev] Possible crash in FrameView::endDeferredRepaints()
Darin Adler
darin at apple.com
Wed Dec 17 15:08:21 PST 2008
On Dec 17, 2008, at 1:35 PM, Kenneth Christiansen wrote:
> The problem here is that repaintContentRectangle augments
> (d->m_repaintRects.append(r)) the items in m_repaintRects or clears it
> (d->m_repaintRects.clear()), thus the size of m_repaintRects[]
> changes while iterating it, which can result in a crash.
Well no, that append will only happen if m_deferringRepaints is
non-zero, and the loop in endDeferredRepaints only runs if
m_deferringRepaints is zero.
Maybe your test case shows some bug in that logic?
-- Darin