Revision 180681


Author: hartmanng@chromium.org
Date: Wed Aug 20 20:09:23 2014 UTC
Changed paths: 7
Log Message:
Defer call to updateWidgetPositions() outside of RenderLayerScrollableArea.

updateWidgetPositions() can destroy the render tree, so it should never
be called from inside RenderLayerScrollableArea. Leaving it there allows
for the potential of use-after-free bugs.

BUG=402407
R=vollick@chromium.org

Review URL: https://codereview.chromium.org/490473003

Changed paths

Path    Details
trunk/LayoutTests/compositing/overflow/do-not-crash-use-after-free-update-widget-positions-expected.txt    added
trunk/LayoutTests/compositing/overflow/do-not-crash-use-after-free-update-widget-positions.html    added
trunk/LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions-iframe.html    added
trunk/LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions.svg    added
trunk/Source/core/frame/FrameView.cpp    modified, text changed
trunk/Source/core/frame/FrameView.h    modified, text changed
trunk/Source/core/rendering/RenderLayerScrollableArea.cpp    modified, text changed
