[Webkit-unassigned] [Bug 141168] New: Memory is written to after deallocated, in GraphicsLayer::setMaskLayer.
bugzilla-daemon at webkit.org
Mon Feb 2 12:35:34 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=141168
Bug ID: 141168
Summary: Memory is written to after deallocated, in
GraphicsLayer::setMaskLayer.
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: peavo at outlook.com
Visual Studio detected that a deallocated heap block had been modified in GraphicsLayer::setMaskLayer, when called from RenderLayerBacking::updateChildClippingStrategy.
void GraphicsLayer::setMaskLayer(GraphicsLayer* layer)
{
    if (layer == m_maskLayer)
        return;

    if (layer) {
        layer->removeFromParent();
        layer->setParent(this);
        layer->setIsMaskLayer(true);
    } else if (m_maskLayer) {
        m_maskLayer->setParent(nullptr);     // <--------------- Writing to deallocated memory
        m_maskLayer->setIsMaskLayer(false);  // <---------------
    }

    m_maskLayer = layer;
}
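
The report does not say which code path freed the layer. As an added illustration (not WebKit code, and not taken from the bug or its fix), the C++ model below assumes the mask layer is destroyed while its owner still holds the raw m_maskLayer pointer, and shows one defensive pattern: the destructor clears the back-pointer, so a later setMaskLayer(nullptr) returns early instead of writing through it. The Layer class and ownerDetachedWhenMaskFreed are hypothetical names.

```cpp
#include <memory>

// Hypothetical, simplified model of a layer tree; not WebKit source.
class Layer {
public:
    ~Layer() { // Hardening: a dying layer clears every pointer that still refers to it.
        if (m_parent && m_parent->m_maskLayer == this)
            m_parent->m_maskLayer = nullptr;
        if (m_maskLayer)
            m_maskLayer->m_parent = nullptr;
    }
    // Same control flow as the setMaskLayer quoted in the report.
    void setMaskLayer(Layer* layer) {
        if (layer == m_maskLayer)
            return;
        if (layer) {
            layer->removeFromParent();
            layer->m_parent = this;
            layer->m_isMaskLayer = true;
        } else if (m_maskLayer) {
            m_maskLayer->m_parent = nullptr; // safe only while *m_maskLayer is alive
            m_maskLayer->m_isMaskLayer = false;
        }
        m_maskLayer = layer;
    }
    void removeFromParent() {
        if (m_parent && m_parent->m_maskLayer == this)
            m_parent->m_maskLayer = nullptr;
        m_parent = nullptr;
    }
    Layer* maskLayer() const { return m_maskLayer; }
    bool isMaskLayer() const { return m_isMaskLayer; }
private:
    Layer* m_parent = nullptr;    // non-owning
    Layer* m_maskLayer = nullptr; // non-owning; the mask's lifetime is managed elsewhere
    bool m_isMaskLayer = false;
};

// Assumed sequence: the mask is destroyed while the owner still points at it.
bool ownerDetachedWhenMaskFreed() {
    Layer owner;
    auto mask = std::make_unique<Layer>();
    owner.setMaskLayer(mask.get());
    mask.reset(); // ~Layer clears the owner's m_maskLayer
    bool detached = owner.maskLayer() == nullptr;
    owner.setMaskLayer(nullptr); // early return; nothing is written through a stale pointer
    return detached;
}

int main() { return ownerDetachedWhenMaskFreed() ? 0 : 1; }
```

Without the destructor's back-pointer cleanup, the second setMaskLayer call in this sequence would take the else-if branch and write to freed memory, which is the pattern a debug heap or AddressSanitizer reports.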