Title: [89096] trunk/Source/WebCore
Revision: 89096
Author: [email protected]
Date: 2011-06-16 18:16:59 -0700 (Thu, 16 Jun 2011)

Log Message

2011-06-16  Darin Adler  <[email protected]>

        Reviewed by Dan Bernstein.

        REGRESSION (r89035): HTMLTableRowsCollection constructor crashes; depends on compiler order of evaluation
        https://bugs.webkit.org/show_bug.cgi?id=62836

        Covered by existing tests on platforms where it occurs.

        * html/HTMLTableRowsCollection.cpp:
        (WebCore::HTMLTableRowsCollection::HTMLTableRowsCollection): Add a call to get()
        to prevent the passing behavior of PassRefPtr from kicking in and changing the
        table pointer to 0, possibly before it is dereferenced.

Diff

Modified: trunk/Source/WebCore/ChangeLog (89095 => 89096)


--- trunk/Source/WebCore/ChangeLog	2011-06-17 01:02:58 UTC (rev 89095)
+++ trunk/Source/WebCore/ChangeLog	2011-06-17 01:16:59 UTC (rev 89096)
@@ -1,3 +1,17 @@
+2011-06-16  Darin Adler  <[email protected]>
+
+        Reviewed by Dan Bernstein.
+
+        REGRESSION (r89035): HTMLTableRowsCollection constructor crashes; depends on compiler order of evaluation
+        https://bugs.webkit.org/show_bug.cgi?id=62836
+
+        Covered by existing tests on platforms where it occurs.
+
+        * html/HTMLTableRowsCollection.cpp:
+        (WebCore::HTMLTableRowsCollection::HTMLTableRowsCollection): Add a call to get()
+        to prevent the passing behavior of PassRefPtr from kicking in and changing the
+        table pointer to 0, possibly before it is dereferenced.
+
 2011-06-16  Sheriff Bot  <[email protected]>
 
         Unreviewed, rolling out r89055.
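
Review bot: The new entry's line "Covered by existing tests on platforms where it occurs." names neither the tests nor the platforms or compilers that crash. Listing at least one failing test and the affected toolchain in the entry would let a later reader confirm that the regression from r89035 stays fixed without having to open the bug.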

Modified: trunk/Source/WebCore/html/HTMLTableRowsCollection.cpp (89095 => 89096)


--- trunk/Source/WebCore/html/HTMLTableRowsCollection.cpp	2011-06-17 01:02:58 UTC (rev 89095)
+++ trunk/Source/WebCore/html/HTMLTableRowsCollection.cpp	2011-06-17 01:16:59 UTC (rev 89096)
@@ -148,8 +148,11 @@
     return 0;
 }
 
+// Must call get() on the table in case that argument is compiled before dereferencing the
+// table to get at the collection cache. Order of argument evaluation is undefined and can
+// differ between compilers.
 HTMLTableRowsCollection::HTMLTableRowsCollection(PassRefPtr<HTMLTableElement> table)
-    : HTMLCollection(table, OtherCollection, table->collectionCache())
+    : HTMLCollection(table.get(), OtherCollection, table->collectionCache())
 {
 }
 
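
Review bot: The added comment above the constructor says "compiled before" and "undefined", where it means "evaluated before" and "unspecified": the order in which C++ evaluates function arguments is unspecified, and that is why `table->collectionCache()` could run after `table` had already been passed on and zeroed. The wording is worth tightening so the comment does not suggest a compile-time ordering. Separately, with `table.get()` the constructor no longer hands its PassRefPtr to HTMLCollection at all, so the parameter could be declared as `HTMLTableElement*`. That would remove the hazard at the signature instead of relying on the comment to stop someone from dropping the `.get()` later.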