Use-after-free in ApplyStyleCommand::removeInlineStyle
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 24 Jul 2013 21:24:49 +0000 (21:24 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 24 Jul 2013 21:24:49 +0000 (21:24 +0000)
commitcdc0dd853cec559942d8a32db1e0da2d3f40138c
tree2bcfb050e603440899d49f3213bd1e47010d8fbf
parentd6593082520327ef3cfed988ff44154623d35569
Use-after-free in ApplyStyleCommand::removeInlineStyle
https://bugs.webkit.org/show_bug.cgi?id=118627

Reviewed by Oliver Hunt.

Merge https://chromium.googlesource.com/chromium/blink/+/b6471d077e012b05ccba14d0ce8e6d616106c8e6

Unfortunately, there is no test case for this bug.

* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::removeInlineStyle):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@153102 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/editing/ApplyStyleCommand.cpp