Google Git
Sign in
webkit / WebKit / fac7d85cb8429f3dee77f0cc4de1dc3993ed1c83
commitfac7d85cb8429f3dee77f0cc4de1dc3993ed1c83[log] [tgz]
authorjchaffraix@webkit.org <jchaffraix@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Tue Dec 04 21:10:03 2012 +0000
committerjchaffraix@webkit.org <jchaffraix@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Tue Dec 04 21:10:03 2012 +0000
tree74e204bd031ca78bf1d295c5d8bc6e7606f58a93
parentc8aa3d8f2b844530c42b1cf410d52fba955d4071 [diff]
Heap-use-after-free in WebCore::RenderLayer::paintList [MathML]
https://bugs.webkit.org/show_bug.cgi?id=100764

Reviewed by Eric Seidel.

Source/WebCore:

Test: mathml/mfenced-root-layer.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::stackingContext):
Fixed this function to ensure that it always returns a stacking context, the bug
was that the document element's layer wasn't guaranteed to be a stacking context.

LayoutTests:

* mathml/mfenced-root-layer-expected.txt: Added.
* mathml/mfenced-root-layer.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136554 268f45cc-cd09-0410-ab3c-d52691b4dbfc
5 files changed
tree: 74e204bd031ca78bf1d295c5d8bc6e7606f58a93
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. .qmake.conf
  14. autogen.sh
  15. ChangeLog
  16. ChangeLog-2012-05-22
  17. CMakeLists.txt
  18. configure.ac
  19. GNUmakefile.am
  20. Makefile
  21. Makefile.shared
  22. WebKit.pro
  23. wscript