https://bugs.webkit.org/show_bug.cgi?id=87019
Reviewed by David Levin.
Should not access the CallbacksBridge's member field after it's freed.
* src/WorkerFileSystemCallbacksBridge.cpp:
(WebKit::WorkerFileSystemCallbacksBridge::cleanUpAfterCallback):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121160 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+2012-06-25 Kinuko Yasuda <kinuko@chromium.org>
+
+ Heap-use-after-free in WebKit::MainThreadFileSystemCallbacks
+ https://bugs.webkit.org/show_bug.cgi?id=87019
+
+ Reviewed by David Levin.
+
+ Should not access the CallbacksBridge's member field after it's freed.
+
+ * src/WorkerFileSystemCallbacksBridge.cpp:
+ (WebKit::WorkerFileSystemCallbacksBridge::cleanUpAfterCallback):
+
2012-06-24 Luke Macpherson <macpherson@chromium.org>
Add runtime flag to enable/disable CSS variables (in addition to existing compile-time flag).
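Review bot: the ChangeLog entry states the rule ("Should not access the CallbacksBridge's member field after it's freed") but not the mechanism that makes cleanUpAfterCallback violate it, which is that deleting m_workerContextObserver can delete the bridge itself (the code change annotates this with "The next line may delete this."). One sentence here, e.g. "Deleting the observer may destroy the bridge, so clear m_workerContextObserver before deleting it rather than after", would let a reader of the log understand the ordering without opening the source.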
m_callbacksOnWorkerThread = 0;
if (m_workerContextObserver) {
- delete m_workerContextObserver;
+ WorkerFileSystemContextObserver* observer = m_workerContextObserver;
m_workerContextObserver = 0;
+ // The next line may delete this.
+ delete observer;
}
}
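Review bot: the reordering is correct, since the old code wrote m_workerContextObserver = 0 after delete, a member write into a possibly freed bridge, and the new code copies the pointer to a local, clears the member, and only then deletes. The fix relies on `delete observer;` being the last statement that touches `this`; in the visible lines that holds because the if block and the function end immediately after, but the comment should say so explicitly, e.g. "// The next line may delete this, so nothing after it may touch members.", so a later edit that appends code to this function does not silently reintroduce the use-after-free.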