[webkit-reviews] review requested: [Bug 16888] -webkit-border-image crash/invalid free : [Attachment 18485] Fix memory corruption - just store Values as member vars, don't allocate them

bugzilla-daemon at webkit.org
Wed Jan 16 16:13:14 PST 2008


Michael Goddard <michael.goddard at trolltech.com> has asked for review:
Bug 16888: -webkit-border-image crash/invalid free
http://bugs.webkit.org/show_bug.cgi?id=16888

Attachment 18485: Fix memory corruption - just store Values as member vars,
don't allocate them
http://bugs.webkit.org/attachment.cgi?id=18485&action=edit

------- Additional Comments from Michael Goddard
<michael.goddard at trolltech.com>
In the original code, m_borderTop etc. were OwnPtr<Value>s, and so we needed to
give them a valid pointer (hence the allocation in the previous patch, rather
than the middle of an array). Since the BorderImageParseContext is stack
allocated anyway, just make it slightly larger to hold actual Values and copy
them in. This needs an extra variable to track which Values are valid.
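
The storage pattern described in the comment above, as an added sketch that is not the attached patch or WebKit code: a stack-allocated context keeps copies of the values plus a record of which slots are filled, so nothing in it owns or frees memory belonging to the source array. The `Value` layout, `BorderContextSketch`, `fillFromList` and the bitmask used as the "extra variable" are all assumptions made for illustration.

```cpp
#include <cstddef>

// Simplified stand-in for the parser's Value type (assumed layout).
struct Value { int unit; double number; };

// Hypothetical by-value context. An owning smart pointer aimed at an element
// in the middle of an array would, on destruction, free an address the
// allocator never handed out; holding copies removes that ownership entirely.
class BorderContextSketch {
public:
    enum Side { Top = 0, Right, Bottom, Left, SideCount };

    // Copy the value into the context and mark the slot as filled.
    void commit(Side side, const Value& v)
    {
        m_values[side] = v;
        m_valid |= 1u << side;
    }

    bool has(Side side) const { return (m_valid & (1u << side)) != 0; }

    // Returns nullptr for a slot that was never committed, so callers cannot
    // mistake a default-initialised Value for parsed input.
    const Value* get(Side side) const
    {
        return has(side) ? &m_values[side] : nullptr;
    }

private:
    Value m_values[SideCount] = {};
    unsigned m_valid = 0; // the "extra variable": one bit per filled slot
};

// Copies at most SideCount entries from a caller-owned list and returns how
// many were copied. The list stays owned by the caller throughout.
int fillFromList(BorderContextSketch& ctx, const Value* list, std::size_t n)
{
    int copied = 0;
    for (std::size_t i = 0; i < n && i < BorderContextSketch::SideCount; ++i) {
        ctx.commit(static_cast<BorderContextSketch::Side>(i), list[i]);
        ++copied;
    }
    return copied;
}
```
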

