Skip to site navigation (Press enter)

[webkit-changes] [149780] trunk/Source/WebCore

rniwa Wed, 08 May 2013 16:49:37 -0700

Title: [149780] trunk/Source/WebCore

Revision: 149780
Author: [email protected]
Date: 2013-05-08 16:51:19 -0700 (Wed, 08 May 2013)

Log Message

Potential use-after-free of Frame
https://bugs.webkit.org/show_bug.cgi?id=115774


Reviewed by Simon Fraser.

Merge https://chromium.googlesource.com/chromium/blink/+/c5b4a6db82e8280c7fc55ee3dc3a84c6b026e66e.

* page/Frame.cpp:
(WebCore::Frame::setPrinting):
(WebCore::Frame::setPageAndTextZoomFactors):
(WebCore::Frame::deviceOrPageScaleFactorChanged):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/page/Frame.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (149779 => 149780)


--- trunk/Source/WebCore/ChangeLog	2013-05-08 23:43:53 UTC (rev 149779)
+++ trunk/Source/WebCore/ChangeLog	2013-05-08 23:51:19 UTC (rev 149780)
@@ -1,3 +1,17 @@
+2013-05-07  Ryosuke Niwa  <[email protected]>
+
+        Potential use-after-free of Frame
+        https://bugs.webkit.org/show_bug.cgi?id=115774
+
+        Reviewed by Simon Fraser.
+
+        Merge https://chromium.googlesource.com/chromium/blink/+/c5b4a6db82e8280c7fc55ee3dc3a84c6b026e66e.
+
+        * page/Frame.cpp:
+        (WebCore::Frame::setPrinting):
+        (WebCore::Frame::setPageAndTextZoomFactors):
+        (WebCore::Frame::deviceOrPageScaleFactorChanged):
+
 2013-05-08  Roger Fong  <[email protected]>
 
         Unreviewed build fix, AppleWin port.

Modified: trunk/Source/WebCore/page/Frame.cpp (149779 => 149780)


--- trunk/Source/WebCore/page/Frame.cpp	2013-05-08 23:43:53 UTC (rev 149779)
+++ trunk/Source/WebCore/page/Frame.cpp	2013-05-08 23:51:19 UTC (rev 149780)
@@ -525,7 +525,7 @@
     }
 
     // Subframes of the one we're printing don't lay out to the page size.
-    for (Frame* child = tree()->firstChild(); child; child = child->tree()->nextSibling())
+    for (RefPtr<Frame> child = tree()->firstChild(); child; child = child->tree()->nextSibling())
         child->setPrinting(printing, FloatSize(), FloatSize(), 0, shouldAdjustViewSize);
 }
 
@@ -932,7 +932,7 @@
 
     document->recalcStyle(Node::Force);
 
-    for (Frame* child = tree()->firstChild(); child; child = child->tree()->nextSibling())
+    for (RefPtr<Frame> child = tree()->firstChild(); child; child = child->tree()->nextSibling())
         child->setPageAndTextZoomFactors(m_pageZoomFactor, m_textZoomFactor);
 
     if (FrameView* view = this->view()) {
@@ -990,7 +990,7 @@
 #if USE(ACCELERATED_COMPOSITING)
 void Frame::deviceOrPageScaleFactorChanged()
 {
-    for (Frame* child = tree()->firstChild(); child; child = child->tree()->nextSibling())
+    for (RefPtr<Frame> child = tree()->firstChild(); child; child = child->tree()->nextSibling())
         child->deviceOrPageScaleFactorChanged();
 
     RenderView* root = contentRenderer();

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes