[Webkit-unassigned] [Bug 127474] [GTK] Loading page into WebView shows g_closure_unref warning
bugzilla-daemon at webkit.org
Fri Feb 13 07:35:55 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=127474
Milan Crha <mcrha at redhat.com> changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
Attachment #246524|                            |review?, commit-queue?
             Flags|                            |
--- Comment #4 from Milan Crha <mcrha at redhat.com> ---
Created attachment 246524
--> https://bugs.webkit.org/attachment.cgi?id=246524&action=review
proposed patch
This was a use-after-free in the case when the target had the last reference to the object: the call to target->removeEventListener() then caused the object's destruction, thus the assignment after the call, m_handler = 0;, was done on an already freed object.
Adding a temporary reference and dereferencing it at the very end, as the last thing in the function, fixed the runtime warning and the invalid memory usage.
Please include it in the webkit1 release too.
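The lifetime problem described in comment #4, as an added example that is not the attached patch and not WebKit code. Target, Listener, disconnect() and aliveAtAssignment() are hypothetical stand-ins; the unprotected path skips the write instead of touching freed memory, so the program stays well-defined while still reporting when the object died.

```cpp
#include <cstdio>
// Hypothetical stand-ins for illustration; these are not WebKit classes.
struct Listener;

struct Target {
    Listener* listener = nullptr;
    void addEventListener(Listener* l);   // takes a reference
    void removeEventListener();           // drops it, possibly the last one
};

struct Listener {
    int refCount = 1;                     // creator's reference
    void* m_handler = this;               // any non-null value
    Target* m_target;
    bool* m_destroyed;                    // external flag, outlives the object
    Listener(Target* t, bool* flag) : m_target(t), m_destroyed(flag) { *flag = false; }
    ~Listener() { *m_destroyed = true; }
    void ref() { ++refCount; }
    void deref() { if (--refCount == 0) delete this; }
    // Returns true if the object was still alive when m_handler was cleared.
    bool disconnect(bool protect) {
        bool* destroyed = m_destroyed;    // stack copy, safe to read after delete
        if (protect) ref();               // temporary reference (the fix)
        m_target->removeEventListener();  // may destroy *this
        bool alive = !*destroyed;
        if (alive) m_handler = nullptr;   // done unconditionally, this writes to freed memory
        if (protect) deref();             // last thing in the function
        return alive;
    }
};

void Target::addEventListener(Listener* l) { l->ref(); listener = l; }
void Target::removeEventListener() { Listener* l = listener; listener = nullptr; if (l) l->deref(); }

// Sets up the case from the comment: the target holds the last reference.
bool aliveAtAssignment(bool protect, bool* destroyedAfter) {
    Target target;
    bool destroyed = false;
    Listener* l = new Listener(&target, &destroyed);
    target.addEventListener(l);
    l->deref();                           // creator lets go; only the target's reference remains
    bool alive = l->disconnect(protect);
    *destroyedAfter = destroyed;          // true in both cases: nothing leaks
    return alive;
}

int main() {
    bool gone;
    std::printf("unprotected: alive=%d\n", aliveAtAssignment(false, &gone));
    std::printf("protected:   alive=%d\n", aliveAtAssignment(true, &gone));
}
```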