58082 – REGRESSION (r83081): Use of deallocated memory in WebEditorClient::respondToChangedSelection()

Bug 58082 - REGRESSION (r83081): Use of deallocated memory in WebEditorClient::respondToChangedSelection()

Summary: REGRESSION (r83081): Use of deallocated memory in WebEditorClient::respondToC...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Mac OS X 10.6

Importance:	P1 Normal
Assignee:	Alexey Proskuryakov

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-04-07 14:36 PDT by Alexey Proskuryakov
Modified:	2011-04-07 14:43 PDT (History)
CC List:	1 user (show)

See Also:

Attachments
proposed fix (1.80 KB, patch) 2011-04-07 14:39 PDT, Alexey Proskuryakov	bweinstein: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexey Proskuryakov 2011-04-07 14:36:27 PDT

There is nothing protecting the range object.

This used to not be a problem before this patch because temporary objects in C++ are deleted after the full expression is evaluated, so it wasn't destroyed until after the function call.

Patch forthcoming.

Comment 1 Alexey Proskuryakov 2011-04-07 14:39:09 PDT

Created attachment 88702 [details]
proposed fix

Comment 2 Brian Weinstein 2011-04-07 14:41:37 PDT

Comment on attachment 88702 [details]
proposed fix

View in context: https://bugs.webkit.org/attachment.cgi?id=88702&action=review

> Source/WebKit2/ChangeLog:9
> +        Now that the Range is used outide the full expression where it's created, it needs to be

Typo: outside.

Comment 3 Alexey Proskuryakov 2011-04-07 14:43:21 PDT

Committed <http://trac.webkit.org/changeset/83211>.