Google Git
Sign in
webkit / WebKit / bf5e404d002c3bc940847d95da577ad8e77bc5fe
commitbf5e404d002c3bc940847d95da577ad8e77bc5fe[log] [tgz]
authorinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sun Jan 06 18:53:15 2013 +0000
committerinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sun Jan 06 18:53:15 2013 +0000
tree7187d212679bec73f68fb0f12e9dac860830e4c2
parent331e721f2ceae882432cbcb446becd0e386ec54c [diff]
Heap-use-after-free in WebCore::Document::implicitClose
https://bugs.webkit.org/show_bug.cgi?id=105655

Reviewed by Eric Seidel.

Source/WebCore:

Test: fast/dom/window-load-crash.html

* dom/Document.cpp:
(WebCore::Document::implicitClose): RefPtr protect |this| document since it
can be destroyed in the dispatchWindowLoadEvent call.

LayoutTests:

* fast/dom/window-load-crash-expected.txt: Added.
* fast/dom/window-load-crash.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@138918 268f45cc-cd09-0410-ab3c-d52691b4dbfc
5 files changed
tree: 7187d212679bec73f68fb0f12e9dac860830e4c2
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. .qmake.conf
  14. autogen.sh
  15. ChangeLog
  16. ChangeLog-2012-05-22
  17. CMakeLists.txt
  18. configure.ac
  19. GNUmakefile.am
  20. Makefile
  21. Makefile.shared
  22. WebKit.pro
  23. wscript