git://git.webkit.org / WebKit-https.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bda6656)
Potential use-after-free of Frame
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 8 May 2013 23:51:19 +0000 (23:51 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 8 May 2013 23:51:19 +0000 (23:51 +0000)
https://bugs.webkit.org/show_bug.cgi?id=115774

Reviewed by Simon Fraser.

Merge https://chromium.googlesource.com/chromium/blink/+/c5b4a6db82e8280c7fc55ee3dc3a84c6b026e66e.

* page/Frame.cpp:
(WebCore::Frame::setPrinting):
(WebCore::Frame::setPageAndTextZoomFactors):
(WebCore::Frame::deviceOrPageScaleFactorChanged):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@149780 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog patch | blob | history
Source/WebCore/page/Frame.cpp patch | blob | history

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index b7ab03374c3d5793c7c32c8e98a6bd6c9afe3524..b80b598cba533bfc39a242cc2c187b3db01dac04 100644 (file)
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,17 @@
+2013-05-07  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Potential use-after-free of Frame
+        https://bugs.webkit.org/show_bug.cgi?id=115774
+
+        Reviewed by Simon Fraser.
+
+        Merge https://chromium.googlesource.com/chromium/blink/+/c5b4a6db82e8280c7fc55ee3dc3a84c6b026e66e.
+
+        * page/Frame.cpp:
+        (WebCore::Frame::setPrinting):
+        (WebCore::Frame::setPageAndTextZoomFactors):
+        (WebCore::Frame::deviceOrPageScaleFactorChanged):
+
 2013-05-08  Roger Fong  <roger_fong@apple.com>
 
         Unreviewed build fix, AppleWin port.
diff --git a/Source/WebCore/page/Frame.cpp b/Source/WebCore/page/Frame.cpp
index af32cab3fa26e647f59136339035d613dcaef909..bc34b142c0c4cd216cae293b8cc9a886d6abf502 100644 (file)
--- a/Source/WebCore/page/Frame.cpp
+++ b/Source/WebCore/page/Frame.cpp
@@ -525,7 +525,7 @@ void Frame::setPrinting(bool printing, const FloatSize& pageSize, const FloatSiz
     }
 
     // Subframes of the one we're printing don't lay out to the page size.
-    for (Frame* child = tree()->firstChild(); child; child = child->tree()->nextSibling())
+    for (RefPtr<Frame> child = tree()->firstChild(); child; child = child->tree()->nextSibling())
         child->setPrinting(printing, FloatSize(), FloatSize(), 0, shouldAdjustViewSize);
 }
 
@@ -932,7 +932,7 @@ void Frame::setPageAndTextZoomFactors(float pageZoomFactor, float textZoomFactor
 
     document->recalcStyle(Node::Force);
 
-    for (Frame* child = tree()->firstChild(); child; child = child->tree()->nextSibling())
+    for (RefPtr<Frame> child = tree()->firstChild(); child; child = child->tree()->nextSibling())
         child->setPageAndTextZoomFactors(m_pageZoomFactor, m_textZoomFactor);
 
     if (FrameView* view = this->view()) {
@@ -990,7 +990,7 @@ void Frame::resumeActiveDOMObjectsAndAnimations()
 #if USE(ACCELERATED_COMPOSITING)
 void Frame::deviceOrPageScaleFactorChanged()
 {
-    for (Frame* child = tree()->firstChild(); child; child = child->tree()->nextSibling())
+    for (RefPtr<Frame> child = tree()->firstChild(); child; child = child->tree()->nextSibling())
         child->deviceOrPageScaleFactorChanged();
 
     RenderView* root = contentRenderer();
Mirror of the WebKit open source project from svn.webkit.org.