Skip to site navigation (Press enter)

[webkit-changes] [126989] trunk/Source/WebCore

yurys Wed, 29 Aug 2012 04:52:42 -0700

Title: [126989] trunk/Source/WebCore

Revision: 126989
Author: [email protected]
Date: 2012-08-29 04:53:19 -0700 (Wed, 29 Aug 2012)

Log Message

Web Inspector: unsafe static_cast in RetainedDOMInfo::IsEquivalent
https://bugs.webkit.org/show_bug.cgi?id=95315


Reviewed by Vsevolod Vlasov.

* bindings/v8/RetainedDOMInfo.cpp:
(WebCore::RetainedDOMInfo::IsEquivalent): compare retained object info
labels before casting v8::RetainedObjectInfo to WebCore::RetainedObjectInfo
as the |other| object may not be a descendant of WebCore::RetainedObjectInfo.

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/bindings/v8/RetainedDOMInfo.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (126988 => 126989)


--- trunk/Source/WebCore/ChangeLog	2012-08-29 11:29:46 UTC (rev 126988)
+++ trunk/Source/WebCore/ChangeLog	2012-08-29 11:53:19 UTC (rev 126989)
@@ -1,3 +1,15 @@
+2012-08-29  Yury Semikhatsky  <[email protected]>
+
+        Web Inspector: unsafe static_cast in RetainedDOMInfo::IsEquivalent
+        https://bugs.webkit.org/show_bug.cgi?id=95315
+
+        Reviewed by Vsevolod Vlasov.
+
+        * bindings/v8/RetainedDOMInfo.cpp:
+        (WebCore::RetainedDOMInfo::IsEquivalent): compare retained object info
+        labels before casting v8::RetainedObjectInfo to WebCore::RetainedObjectInfo
+        as the |other| object may not be a descendant of WebCore::RetainedObjectInfo.
+
 2012-08-29  Jochen Eisinger  <[email protected]>
 
         REGRESSION(r126816): Missing includes when compiling without SVG

Modified: trunk/Source/WebCore/bindings/v8/RetainedDOMInfo.cpp (126988 => 126989)


--- trunk/Source/WebCore/bindings/v8/RetainedDOMInfo.cpp	2012-08-29 11:29:46 UTC (rev 126988)
+++ trunk/Source/WebCore/bindings/v8/RetainedDOMInfo.cpp	2012-08-29 11:53:19 UTC (rev 126989)
@@ -53,7 +53,11 @@
 bool RetainedDOMInfo::IsEquivalent(v8::RetainedObjectInfo* other)
 {
     ASSERT(other);
-    return other == this || static_cast<WebCore::RetainedObjectInfo*>(other)->GetEquivalenceClass() == this->GetEquivalenceClass();
+    if (other == this)
+        return true;
+    if (strcmp(GetLabel(), other->GetLabel()))
+        return false;
+    return static_cast<WebCore::RetainedObjectInfo*>(other)->GetEquivalenceClass() == this->GetEquivalenceClass();
 }
 
 intptr_t RetainedDOMInfo::GetHash()

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes