[Webkit-unassigned] [Bug 45896] CSS: Fix crash in getTimingFunctionValue()
bugzilla-daemon at webkit.org
Thu Sep 16 09:56:46 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=45896
Simon Fraser (smfr) <simon.fraser at apple.com> changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
  Attachment #67803|review-                     |review?
               Flag|                            |
--- Comment #4 from Simon Fraser (smfr) <simon.fraser at apple.com> 2010-09-16 09:56:47 PST ---
(From update of attachment 67803)
> diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
> index 13da8c8..7277379 100644
> --- a/WebCore/ChangeLog
> +++ b/WebCore/ChangeLog
> @@ -1,3 +1,15 @@
> +2010-09-16 Andreas Kling <andreas.kling at nokia.com>
> +
> + Reviewed by NOBODY (OOPS!).
> +
> + CSS: Fix crash in getTimingFunctionValue()
> + https://bugs.webkit.org/show_bug.cgi?id=45896
> +
> + Use RefPtrs to avoid deleting the TimingFunctions prematurely.
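Review bot: the description line "Use RefPtrs to avoid deleting the TimingFunctions prematurely." names the fix but not the cause. It should say which call in getTimingFunctionValue() lets a TimingFunction be destroyed while the loop still holds a pointer to it, so the lifetime problem can be judged from the ChangeLog entry alone.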
You should say here why you didn't add any tests.
> diff --git a/WebCore/css/CSSComputedStyleDeclaration.cpp b/WebCore/css/CSSComputedStyleDeclaration.cpp
> index ce96e1c..f351cd7 100644
> --- a/WebCore/css/CSSComputedStyleDeclaration.cpp
> +++ b/WebCore/css/CSSComputedStyleDeclaration.cpp
> @@ -514,12 +514,12 @@ static PassRefPtr<CSSValue> getTimingFunctionValue(const AnimationList* animList
> RefPtr<CSSValueList> list = CSSValueList::createCommaSeparated();
> if (animList) {
> for (size_t i = 0; i < animList->size(); ++i) {
> - const TimingFunction* tf = animList->animation(i)->timingFunction().get();
> + RefPtr<TimingFunction> tf = animList->animation(i)->timingFunction();
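Review bot: the added line declares "RefPtr<TimingFunction> tf", which drops the const that the removed "const TimingFunction* tf" carried, so the rest of the loop body gains non-const access to the animation's timing function. If the body only reads from it, keep that access const where tf is used. The change also rests on an assumption the patch does not state: the old .get() pointer only dangles if timingFunction() returns its smart pointer by value, as a temporary released at the end of the statement. A sentence in the ChangeLog saying which return type is involved would justify the extra ref/deref on every iteration.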
I don't see why this RefPtr is needed. How can animList->animation(i)->timingFunction() go bad here?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.