Revision 187435


Author: hayato@chromium.org
Date: Thu Dec 18 07:06:48 2014 UTC (8 years, 5 months ago)
Changed paths: 4
Log Message:
Make TreeScopeEventContext have a RefPtr to TreeScope.rootNode to guard TreeScope.

This fixes a use-after-free caused by TreeScope being freed while TreeScopeEventContext still needs it.
Because TreeScope itself isn't a RefCounted, guard it by having a RefPtr to treeScope.rootNode(), instead.

BUG=442806

Review URL: https://codereview.chromium.org/794123004

Changed paths

Path Details
trunk/LayoutTests/fast/dom/shadow/event-path-after-deleting-tree-scope-crash-expected.txt added
trunk/LayoutTests/fast/dom/shadow/event-path-after-deleting-tree-scope-crash.html added
trunk/Source/core/events/TreeScopeEventContext.cpp modified, text changed
trunk/Source/core/events/TreeScopeEventContext.h modified, text changed

Properties

Name Value
commit-bot commit-bot@chromium.org
