RESOLVED FIXED Bug 58082
REGRESSION (r83081): Use of deallocated memory in WebEditorClient::respondToChangedSelection() 
https://bugs.webkit.org/show_bug.cgi?id=58082
Summary REGRESSION (r83081): Use of deallocated memory in WebEditorClient::respondToC...
Alexey Proskuryakov
Reported 2011-04-07 14:36:27 PDT
There is nothing protecting the range object. This used to not be a problem before this patch because temporary objects in C++ are deleted after the full expression is evaluated, so it wasn't destroyed until after the function call. Patch forthcoming.
Attachments
proposed fix (1.80 KB, patch)
2011-04-07 14:39 PDT, Alexey Proskuryakov 		bweinstein: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2011-04-07 14:39:09 PDT
Created attachment 88702 [details] proposed fix
Brian Weinstein
Comment 2 2011-04-07 14:41:37 PDT
Comment on attachment 88702 [details] proposed fix View in context: https://bugs.webkit.org/attachment.cgi?id=88702&action=review > Source/WebKit2/ChangeLog:9 > + Now that the Range is used outide the full expression where it's created, it needs to be Typo: outside.
Alexey Proskuryakov
Comment 3 2011-04-07 14:43:21 PDT
Committed <http://trac.webkit.org/changeset/83211>.
Note You need to log in before you can comment on or make changes to this bug.