[Webkit-unassigned] [Bug 16888] New: -webkit-border-image crash/invalid free
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jan 15 22:17:15 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=16888
Summary: -webkit-border-image crash/invalid free
Product: WebKit
Version: 525+ (Nightly build)
Platform: PC
OS/Version: All
Status: UNCONFIRMED
Severity: Major
Priority: P1
Component: CSS
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: michael.goddard at trolltech.com
There's an error in the CSSParser when parsing the width components of
-webkit-border-image. A pointer to the middle of an array is stored in an
OwnPtr and gets freed. Can cause crashes/memory corruption.
Testcase/patch to be attached.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list