45329 2010-09-07 15:40:05 -0700 [chromium] PlatformLayer's must get their owner reset when owner is destroyed 2010-09-07 16:06:09 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) PC OS X 10.5 RESOLVED FIXED P2 Normal --- 1 vangelis vangelis oldest_to_newest 275348 0 vangelis 2010-09-07 15:40:05 -0700 A PlatformLayer's owner is a GraphicsLayer which holds a RefPtr to the PlatformLayer. PlatformLayer's can outlive their owning GraphicsLayer as other objects can also have references to them and therefore need to have their owner reset once that owner goes away. Failing to do so can result in accessing memory that has been freed. 275354 1 66779 vangelis 2010-09-07 15:47:11 -0700 Created attachment 66779 Proposed patch 275366 2 vangelis 2010-09-07 16:06:09 -0700 Committed r66923: <http://trac.webkit.org/changeset/66923> 66779 2010-09-07 15:47:11 -0700 2010-09-07 15:49:50 -0700 Proposed patch clearOwner_45329.txt text/plain 1474 vangelis SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA2NjkxNykKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTYgQEAKKzIwMTAtMDktMDcgIFZhbmdlbGlzIEtva2tldmlzICA8dmFuZ2VsaXNA Y2hyb21pdW0ub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisg ICAgICAgIFtjaHJvbWl1bV0gUmVzZXQgdGhlIG93bmVyIG9mIFBsYXRmb3JtTGF5ZXIncyBvbmNl IHRoZSBHcmFwaGljc0xheWVyIHRoZXkgYXJlIGFzc29jaWF0ZWQgd2l0aAorICAgICAgICBnZXRz IGRlc3Ryb3llZC4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTQ1MzI5CisKKyAgICAgICAgVGVzdDogRml4ZXMgVUkgdGVzdCBmYWlsdXJlcyBkb3duc3Ry ZWFtIGZvciBhbGwgdGhlIE1lZGlhIHRlc3RzIHdoZW4gcnVuIG9uIHRoZSBidWlsZGJvdHMgKG1h Y2hpbmVzIHdpdGhvdXQgR1BVcykuCisKKyAgICAgICAgKiBwbGF0Zm9ybS9ncmFwaGljcy9jaHJv bWl1bS9HcmFwaGljc0xheWVyQ2hyb21pdW0uY3BwOgorICAgICAgICAoV2ViQ29yZTo6R3JhcGhp Y3NMYXllckNocm9taXVtOjp+R3JhcGhpY3NMYXllckNocm9taXVtKToKKwogMjAxMC0wOS0wNyAg QW5kZXJzIENhcmxzc29uICA8YW5kZXJzY2FAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2Vk IGJ5IERhcmluIEFkbGVyLgpJbmRleDogV2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9jaHJvbWl1 bS9HcmFwaGljc0xheWVyQ2hyb21pdW0uY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvcGxhdGZv cm0vZ3JhcGhpY3MvY2hyb21pdW0vR3JhcGhpY3NMYXllckNocm9taXVtLmNwcAkocmV2aXNpb24g NjY5MTUpCisrKyBXZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL2Nocm9taXVtL0dyYXBoaWNzTGF5 ZXJDaHJvbWl1bS5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTEwNiw2ICsxMDYsMTIgQEAgR3JhcGhp Y3NMYXllckNocm9taXVtOjpHcmFwaGljc0xheWVyQ2hybwogCiBHcmFwaGljc0xheWVyQ2hyb21p dW06On5HcmFwaGljc0xheWVyQ2hyb21pdW0oKQogeworICAgIGlmIChtX2xheWVyKQorICAgICAg ICBtX2xheWVyLT5zZXRPd25lcigwKTsKKyAgICBpZiAobV9jb250ZW50c0xheWVyKQorICAgICAg ICBtX2NvbnRlbnRzTGF5ZXItPnNldE93bmVyKDApOworICAgIGlmIChtX3RyYW5zZm9ybUxheWVy KQorICAgICAgICBtX3RyYW5zZm9ybUxheWVyLT5zZXRPd25lcigwKTsKIH0KIAogdm9pZCBHcmFw aGljc0xheWVyQ2hyb21pdW06OnNldE5hbWUoY29uc3QgU3RyaW5nJiBpbk5hbWUpCg==