Bug 58082

Summary: REGRESSION (r83081): Use of deallocated memory in WebEditorClient::respondToChangedSelection()
Product: WebKit
Reporter: Alexey Proskuryakov <ap>
Component: WebKit Misc.
Assignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED
Severity: Normal
CC: rsesek
Priority: P1
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.6
Attachments:
Description: proposed fix
Flags: bweinstein: review+

Description Alexey Proskuryakov 2011-04-07 14:36:27 PDT
There is nothing protecting the range object.

This used to not be a problem before this patch because temporary objects in C++ are deleted after the full expression is evaluated, so it wasn't destroyed until after the function call.

Patch forthcoming.
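
The lifetime rule the description relies on, shown as an added example that is not part of the bug report or the WebKit patch. `Range`, `createRange()` and `respondToRange()` are hypothetical stand-ins, and `std::shared_ptr` stands in for a ref-counting owner; liveness is tracked with a counter so the dangling pointer is never dereferenced.

```cpp
#include <cstdio>
#include <memory>

static int g_liveRanges = 0; // number of Range objects currently alive

// Hypothetical stand-in for the range object from the report.
struct Range {
    Range()  { ++g_liveRanges; }
    ~Range() { --g_liveRanges; }
};

// Returns an owning pointer by value, so the caller receives a temporary owner.
static std::shared_ptr<Range> createRange() { return std::make_shared<Range>(); }

// Reports whether a Range was alive when called; it never dereferences the pointer.
static bool respondToRange(const Range*) { return g_liveRanges > 0; }

// Old shape: the temporary owner lives until the end of the full expression,
// which is after respondToRange() has returned.
bool usedWithinFullExpression()
{
    return respondToRange(createRange().get());
}

// Regression shape: only a raw pointer survives the statement that created
// the temporary owner, so nothing protects the object afterwards.
bool rawPointerKeptPastFullExpression()
{
    const Range* range = createRange().get(); // owner destroyed at the ';'
    return respondToRange(range);             // object is already gone
}

// Protected shape: a named owning reference keeps the object alive while used.
bool owningReferenceKept()
{
    std::shared_ptr<Range> range = createRange();
    return respondToRange(range.get());
}

int main()
{
    std::printf("same expression: alive=%d\n", usedWithinFullExpression());
    std::printf("raw pointer kept: alive=%d\n", rawPointerKeptPastFullExpression());
    std::printf("owning reference: alive=%d\n", owningReferenceKept());
    return 0;
}
```

Building the second function's real-world equivalent with AddressSanitizer reports the access as a heap-use-after-free, which is a practical way to catch this pattern in review or CI.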
Comment 1 Alexey Proskuryakov 2011-04-07 14:39:09 PDT
Created attachment 88702
proposed fix
Comment 2 Brian Weinstein 2011-04-07 14:41:37 PDT
Comment on attachment 88702
proposed fix

View in context: https://bugs.webkit.org/attachment.cgi?id=88702&action=review

> Source/WebKit2/ChangeLog:9
> +        Now that the Range is used outide the full expression where it's created, it needs to be

Typo: outside.
Comment 3 Alexey Proskuryakov 2011-04-07 14:43:21 PDT
Committed <http://trac.webkit.org/changeset/83211>.