Bug 46480

Summary:	[chromium] Platform layers should not be able to hold a stale compositor pointer
Product:	WebKit	Reporter:	Vangelis Kokkevis <vangelis>
Component:	WebCore Misc.	Assignee:	Vangelis Kokkevis <vangelis>
Status:	RESOLVED FIXED
Severity:	Normal
Priority:	P2
Version:	528+ (Nightly build)
Hardware:	All
OS:	All

Vangelis Kokkevis

Reported 2010-09-24 10:30:16 PDT

Composited layers (the ones derived from LayerChromium) hold a raw pointer to the compositor (LayerRendererChromium) which means that if the compositor gets destroyed before the layers do they could be accessing uninitialized memory. One possible solution would be to make LayerChromium hold a reference to LayerRendererChromium instead of a raw pointer to ensure a proper destruction order.

Attachments
Add attachment proposed patch, testcase, etc.

Vangelis Kokkevis

Comment 1 2010-10-08 09:56:22 PDT

Fixed in r68442: <http://trac.webkit.org/changeset/68442>

Note You need to log in before you can comment on or make changes to this bug.