[Webkit-unassigned] [Bug 141168] Memory is written to after deallocated, in GraphicsLayer::setMaskLayer.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Feb 2 12:56:21 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=141168
Brent Fulgham <bfulgham at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #245894|review? |review+, commit-queue+
Flags| |
--- Comment #2 from Brent Fulgham <bfulgham at webkit.org> ---
Comment on attachment 245894
--> https://bugs.webkit.org/attachment.cgi?id=245894
Patch
Wow! That's not good! :-)
I guess this happens if the m_childClippingMaskLayer is also part of the layer hierarchy and is therefore accessed for a "setMaskLayer" update?
This might only happen in the WinCairo implementation due to its use of the texture mapping stuff to handle accelerated compositing.
r=me.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150202/0621d564/attachment-0002.html>
More information about the webkit-unassigned
mailing list