[Webkit-unassigned] [Bug 95311] [CSSRegions]Use RefPtr's instead of weak references on DOMNamedFlowCollection
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Aug 30 06:07:02 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=95311
Andreas Kling <kling at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kling at webkit.org
--- Comment #6 from Andreas Kling <kling at webkit.org> 2012-08-30 06:07:08 PST ---
(In reply to comment #4)
> (In reply to comment #3)
> > (From update of attachment 161204 [details] [details])
> > View in context: https://bugs.webkit.org/attachment.cgi?id=161204&action=review
> >
> > > Source/WebCore/ChangeLog:14
> > > + No need for new tests, the previous ones should cover this functionality.
> >
> > Is there a test that used to crash in this scenario? Or what are the tests that cover this?
>
> This patch doesn't add new functionality, it just prevents trying to access memory that has been freed (in the case where there is NamedFlowCollection instance that is still holding a pointer to a NamedFlow which has since been removed). A test that "successfully" crashes each time would be kind of cumbersome to create, since it is likely that the memory won't be overwritten. Best fix this before it becomes a security bug. :)
Could we at least add a test that fails reliably when run under e.g valgrind?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list