[Webkit-unassigned] [Bug 132337] REGRESSION (r167879): Heap-use-after-free in WebCore::RenderFlexibleBox
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Apr 29 09:37:25 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=132337
Manuel Rego Casasnovas <rego at igalia.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|REGRESSION (r167879?): |REGRESSION (r167879):
|Crashes on Flickr page |Heap-use-after-free in
| |WebCore::RenderFlexibleBox
Status|NEW |ASSIGNED
AssignedTo|webkit-unassigned at lists.web |rego at igalia.com
|kit.org |
--- Comment #3 from Manuel Rego Casasnovas <rego at igalia.com> 2014-04-29 09:37:46 PST ---
(In reply to comment #2)
> Manuel, could you take a look?
Yes, it seems it was introduced by my changes in OrderIterator.
I'm uploading a new patch porting https://codereview.chromium.org/19558006 that seems to be fixing the issue here. It would be great if you could very it.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list