Bug 58082

Summary: REGRESSION (r83081): Use of deallocated memory in WebEditorClient::respondToChangedSelection()
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: WebKit Misc.Assignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED    
Severity: Normal CC: rsesek
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.6   
Attachments:
Description Flags
proposed fix bweinstein: review+

Alexey Proskuryakov
Reported 2011-04-07 14:36:27 PDT
There is nothing protecting the range object. This used to not be a problem before this patch because temporary objects in C++ are deleted after the full expression is evaluated, so it wasn't destroyed until after the function call. Patch forthcoming.
Attachments
proposed fix (1.80 KB, patch)
2011-04-07 14:39 PDT, Alexey Proskuryakov 		bweinstein: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2011-04-07 14:39:09 PDT
Created attachment 88702 [details] proposed fix
Brian Weinstein
Comment 2 2011-04-07 14:41:37 PDT
Comment on attachment 88702 [details] proposed fix View in context: https://bugs.webkit.org/attachment.cgi?id=88702&action=review > Source/WebKit2/ChangeLog:9 > + Now that the Range is used outide the full expression where it's created, it needs to be Typo: outside.
Alexey Proskuryakov
Comment 3 2011-04-07 14:43:21 PDT
Committed <http://trac.webkit.org/changeset/83211>.
Note You need to log in before you can comment on or make changes to this bug.