The PODFreeListArena class doesn't actually deallocate objects when they're freed, so address sanitizer builds of WebKit won't catch use-after-free issues with objects that use it.
Created attachment 223542 [details]
Comment on attachment 223542 [details]
Clearing flags on attachment: 223542
Committed r163693: <http://trac.webkit.org/changeset/163693>
All reviewed patches have been landed. Closing bug.