From e63959cacee2bed785e6109cd12c0e7d82d4f7d5 Mon Sep 17 00:00:00 2001
From: "inferno@chromium.org"
 <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed, 8 Feb 2012 20:53:54 +0000
Subject: [PATCH] Crash in Node::normalize.
 https://bugs.webkit.org/show_bug.cgi?id=78135

Reviewed by Ryosuke Niwa.

No new tests. Original testcase does not reduce to manageable
extent.

* dom/Node.cpp:
(WebCore::Node::normalize):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@107123 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 Source/WebCore/ChangeLog    | 13 +++++++++++++
 Source/WebCore/dom/Node.cpp |  2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 1f3e21e..6d5ea79 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2012-02-08  Abhishek Arya  <inferno@chromium.org>
+
+        Crash in Node::normalize.
+        https://bugs.webkit.org/show_bug.cgi?id=78135
+
+        Reviewed by Ryosuke Niwa.
+
+        No new tests. Original testcase does not reduce to manageable
+        extent.
+
+        * dom/Node.cpp:
+        (WebCore::Node::normalize):
+
 2012-02-08  Antoine Labour  <piman@chromium.org>
 
         Make WebGL context current early to check validity
diff --git a/Source/WebCore/dom/Node.cpp b/Source/WebCore/dom/Node.cpp
index ffe67ab..39b8fa8 100644
--- a/Source/WebCore/dom/Node.cpp
+++ b/Source/WebCore/dom/Node.cpp
@@ -632,7 +632,7 @@ void Node::normalize()
             continue;
         }
 
-        Text* text = static_cast<Text*>(node.get());
+        RefPtr<Text> text = static_cast<Text*>(node.get());
 
         // Remove empty text nodes.
         if (!text->length()) {
-- 
2.7.4