Heap-use-after-free in WebCore::RenderText::computePreferredLogicalWidths
author inferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Jan 2013 19:35:31 +0000 (19:35 +0000)
committer inferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Jan 2013 19:35:31 +0000 (19:35 +0000)
commit 70b3721395e10cbcd1438f5a9724c6d97ed735a6
tree b384a584bf0104feadb51114dedc1fb14c794db2
parent 0cb5d924f25e54c5f695683132c5e3295dcaa1ff
Heap-use-after-free in WebCore::RenderText::computePreferredLogicalWidths
https://bugs.webkit.org/show_bug.cgi?id=95901

Reviewed by Simon Fraser.

Prevent re-entrancy of view layout. Loading of SVG document during font load
causes it to re-enter layout and blow the style away from underneath.

Test: Go to http://www.speckproducts.com and make sure crash does not happen.

* dom/Document.cpp:
(WebCore::Document::updateLayout):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@139470 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
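
The re-entrancy described in the commit message, as an added C++ sketch that is not WebKit code and not the change made to `Document::updateLayout`. `View`, `Style`, `onFontLoad` and the guard flag are hypothetical stand-ins, and a `weak_ptr` models the pointer the outer layout keeps using, so the freed style is observed without touching freed memory.

```cpp
#include <cstdio>
#include <functional>
#include <memory>

struct Style { int fontSize = 12; };           // hypothetical stand-in for computed style

class View {                                   // hypothetical, not WebCore's class
public:
    explicit View(bool guard) : m_guard(guard) {}
    std::function<void()> onFontLoad;          // stand-in for a load started mid-layout
    int blockedReentries = 0;
    bool styleFreedDuringLayout = false;

    void updateLayout() {
        if (m_guard && m_inLayout) {           // re-entrancy check: refuse nested layout
            ++blockedReentries;
            return;
        }
        const bool nested = m_inLayout;
        m_inLayout = true;
        m_style = std::make_shared<Style>();       // style recalc replaces the old style
        std::weak_ptr<Style> borrowed = m_style;   // models the pointer layout keeps using
        if (!nested && onFontLoad)
            onFontLoad();                          // may call updateLayout() again
        if (borrowed.expired())                    // real code would now read freed memory
            styleFreedDuringLayout = true;
        m_inLayout = nested;
    }

private:
    bool m_guard;
    bool m_inLayout = false;
    std::shared_ptr<Style> m_style;
};

struct Result { bool styleFreed; int blocked; };

// Runs one layout whose font-load callback re-enters layout on the same view.
Result runReentrantLayout(bool guard) {
    View view(guard);
    view.onFontLoad = [&view] { view.updateLayout(); };
    view.updateLayout();
    return {view.styleFreedDuringLayout, view.blockedReentries};
}

int main() {
    Result bad = runReentrantLayout(false), ok = runReentrantLayout(true);
    std::printf("unguarded freed=%d, guarded freed=%d blocked=%d\n", bad.styleFreed, ok.styleFreed, ok.blocked);
}
```

Without the guard the nested call replaces the style while the outer layout still holds it; with the guard the nested call returns early and the outer layout finishes on a live object.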