[Webkit-unassigned] [Bug 16888] -webkit-border-image crash/invalid free
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 16 16:13:14 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=16888
michael.goddard at trolltech.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #18465|0 |1
is obsolete| |
Attachment #18485| |review?
Flag| |
------- Comment #5 from michael.goddard at trolltech.com 2008-01-16 16:13 PDT -------
Created an attachment (id=18485)
--> (http://bugs.webkit.org/attachment.cgi?id=18485&action=view)
Fix memory corruption - just store Values as member vars, don't allocate them
In the original code, m_borderTop etc were OwnPtr<Value>s, and so we needed to
give them a valid pointer (hence the allocation in the previous patch, rather
than the middle of an array). Since the BorderImageParseContext is stack
allocated anyway, just make it slightly larger to hold actual Values and copy
them in. This needs an extra variable to track which Values are valid.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list