Heap-use-after-free in WebCore::RenderText::computePreferredLogicalWidths
[WebKit-https.git] / Source / WebCore / ChangeLog
index a780bdcbc8eb25a0f546b08a29e4f55a8781a5a2..a30ae39fcce5ad26acef6c0d5bdec3b96e08f603 100644 (file)
@@ -1,3 +1,18 @@
+2013-01-11  Abhishek Arya  <inferno@chromium.org>
+
+        Heap-use-after-free in WebCore::RenderText::computePreferredLogicalWidths
+        https://bugs.webkit.org/show_bug.cgi?id=95901
+
+        Reviewed by Simon Fraser.
+
+        Prevent re-entrancy of view layout. Loading of SVG document during font load
+        causes it to re-enter layout and blowing the style away from underneath.
+        
+        Test: Go to http://www.speckproducts.com and make sure crash does not happen.
+
+        * dom/Document.cpp:
+        (WebCore::Document::updateLayout):
+
 2013-01-11  Kentaro Hara  <haraken@chromium.org>
 
         [V8] Do not create a local handle for a cached v8 string that is returned to V8 immediately
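Review bot: The test described in this entry ("Go to http://www.speckproducts.com and make sure crash does not happen") depends on a live external site, so it cannot be run by the bots and will not catch a regression once that site changes; a LayoutTests case that loads an SVG document during a font load, the condition the entry names, would make the fix verifiable and keep it covered. The entry also states that re-entrancy of view layout is prevented but not how: the only function listed is (WebCore::Document::updateLayout), so it should say whether a re-entrant call is detected and skipped, or asserted, and whether the re-entrant caller then proceeds with a layout that has not actually happened.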