[Chromium] Memory bug during occlusion tracking if Vector::append() needs to reallocate the buffer
https://bugs.webkit.org/show_bug.cgi?id=77996
Patch by Dana Jansens <danakj@chromium.org> on 2012-02-07
Reviewed by James Robinson.
We're holding onto the last element in the Vector and then calling
append(). If append() reallocates the Vector's buffer, the pointer
is no longer valid.
* platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
(WebCore::enterTargetRenderSurface):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@106969
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
projects / profile / ivi / webkit-efl.git / commit