[Webkit-unassigned] [Bug 141168] Memory is written to after deallocated, in GraphicsLayer::setMaskLayer.
bugzilla-daemon at webkit.org
Mon Feb 2 13:13:08 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=141168
--- Comment #3 from peavo at outlook.com ---
(In reply to comment #2)
> Comment on attachment 245894 [details]
> Patch
>
Thanks for reviewing :)
> Wow! That's not good! :-)
>
> I guess this happens if the m_childClippingMaskLayer is also part of the
> layer hierarchy and is therefore accessed for a "setMaskLayer" update?
>
> This might only happen in the WinCairo implementation due to its use of the
> texture mapping stuff to handle accelerated compositing.
>
Good point, could be a bug only on WinCairo.
Also, it was not really harmful, since the overwrite happened just after deallocation, and nobody had reallocated the block yet ... :)
> r=me.