Heap-use-after-free regression
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 26 Mar 2013 22:03:16 +0000 (22:03 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 26 Mar 2013 22:03:16 +0000 (22:03 +0000)
commit77244c201c06ada69d87e8da74b41dd09e3f68e2
treeb7f9be59fa8c85f5819394a452952aa07683db56
parent75c50504ed1c8a841d0bca5fba28298202f74f71
Heap-use-after-free regression
https://bugs.webkit.org/show_bug.cgi?id=113337

Reviewed by Abhishek Arya and Alexey Proskuryakov.

Source/WebCore:

Use RefPtr instead of raw pointer in m_associatedFormControls.

* dom/Document.cpp:
(WebCore::Document::didAssociateFormControlsTimerFired):
* dom/Document.h:
(Document):
* loader/EmptyClients.h:
(WebCore::EmptyChromeClient::didAssociateFormControls):
* page/ChromeClient.h:
(WebCore::ChromeClient::didAssociateFormControls):

Source/WebKit/chromium:

* src/ChromeClientImpl.cpp:
(WebKit::ChromeClientImpl::didAssociateFormControls):
* src/ChromeClientImpl.h:
(ChromeClientImpl):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@146935 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/loader/EmptyClients.h
Source/WebCore/page/ChromeClient.h
Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/src/ChromeClientImpl.cpp
Source/WebKit/chromium/src/ChromeClientImpl.h