[Webkit-unassigned] [Bug 111179] [Cairo] Surface pointer passed to asNewNativeImage() might be freed.

bugzilla-daemon at webkit.org
Mon Jun 16 02:04:10 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=111179





--- Comment #28 from cand <cand at gmx.com>  2014-06-16 02:04:31 PST ---
(In reply to comment #27)
> (In reply to comment #18)
> > Created an attachment (id=229057)
> >  --> (https://bugs.webkit.org/attachment.cgi?id=229057&action=review)
> > refcount-imageframe-data.patch
> > 
> > Alternative 1: use a refcounted Cairo image surface
> 
> This patch crashes in the same place as alt#2.

Sorry, clarifying: it also crashes in memcpy called from resize. Obviously the memcpy is in a different place.
