[webkit-reviews] review requested: [Bug 16888] -webkit-border-image
crash/invalid free : [Attachment 18485] Fix memory corruption
- just store Values as member vars, don't allocate them
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 16 16:13:14 PST 2008
Michael Goddard <michael.goddard at trolltech.com> has asked for review:
Bug 16888: -webkit-border-image crash/invalid free
http://bugs.webkit.org/show_bug.cgi?id=16888
Attachment 18485: Fix memory corruption - just store Values as member vars,
don't allocate them
http://bugs.webkit.org/attachment.cgi?id=18485&action=edit
------- Additional Comments from Michael Goddard
<michael.goddard at trolltech.com>
In the original code, m_borderTop etc were OwnPtr<Value>s, and so we needed to
give them a valid pointer (hence the allocation in the previous patch, rather
than the middle of an array). Since the BorderImageParseContext is stack
allocated anyway, just make it slightly larger to hold actual Values and copy
them in. This needs an extra variable to track which Values are valid.
More information about the webkit-reviews
mailing list