On Dec 17, 2008, at 1:35 PM, Kenneth Christiansen wrote:

I had a crash the other day and found some code that looks wrong to me.

The affected method is FrameView::endDeferredRepaints() found in WebCore/page/FrameView.cpp

unsigned size = d->m_repaintRects.size();
for (unsigned i = 0; i < size; i++)
    repaintContentRectangle(d->m_repaintRects[i], false);

The problem here is that repaintContentRectangle augments (d->m_repaintRects.append(r)) the items in m_repaintRects or clears it (d->m_repaintRects.clear()), thus the size of m_repaintRects[] changes while iterating it, which can result in a crash.

That sure does look wrong! Would you be willing to write a bug report about this?

    -- Darin

_______________________________________________
webkit-dev mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
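The iteration hazard described in the thread, as an added example (constructed here, not WebCore's code): a minimal FrameView stand-in whose repaintContentRectangle either appends to or clears m_repaintRects, the loop shape from the post with its out-of-range reads counted instead of performed, and a hardened loop that swaps the pending rects into a local vector before iterating. The swap-to-local pattern is an assumed illustrative mitigation, not WebKit's eventual fix.

```cpp
#include <cstddef>
#include <vector>

struct IntRect { int x, y, width, height; };
// Constructed stand-in for the FrameView state discussed in the thread (not WebCore's code).
class FrameView {
public:
    std::vector<IntRect> m_repaintRects;  // repaints queued while deferring
    std::vector<IntRect> painted;         // rects that reached the paint step
    bool m_deferringRepaints = false;
    // Mirrors the two behaviours the post names: while deferring, the rect is appended to
    // m_repaintRects; otherwise it is painted and m_repaintRects is cleared.
    void repaintContentRectangle(const IntRect& r, bool immediate) {
        if (m_deferringRepaints && !immediate) { m_repaintRects.push_back(r); return; }
        painted.push_back(r);
        m_repaintRects.clear();
    }
    // Loop shape from the post: size is cached and the member is indexed while the callee
    // clears (or grows) it. Real code reads past the end here; this version is instrumented
    // to count the reads that would be out of range instead of performing them.
    unsigned endDeferredRepaintsUnsafe() {
        m_deferringRepaints = false;
        unsigned outOfRange = 0;
        unsigned size = m_repaintRects.size();
        for (unsigned i = 0; i < size; i++) {
            if (i >= m_repaintRects.size()) { ++outOfRange; continue; }
            repaintContentRectangle(m_repaintRects[i], false);
        }
        return outOfRange;
    }
    // Hardened form (assumed mitigation, not WebKit's fix): move the pending rects into a
    // local vector first, so the callee cannot invalidate the container being iterated.
    void endDeferredRepaintsSafe() {
        std::vector<IntRect> pending;
        pending.swap(m_repaintRects);
        m_deferringRepaints = false;
        for (const IntRect& r : pending)
            repaintContentRectangle(r, false);
    }
};
// Queues three constructed rects while deferring, so a scenario can then end deferral.
static FrameView makeView() {
    FrameView v;
    v.m_deferringRepaints = true;
    for (int x : {0, 10, 20}) v.repaintContentRectangle({x, 0, 10, 10}, false);
    return v;
}
unsigned unsafeOutOfRangeReads() { FrameView v = makeView(); return v.endDeferredRepaintsUnsafe(); }
std::size_t unsafePaintedCount() { FrameView v = makeView(); v.endDeferredRepaintsUnsafe(); return v.painted.size(); }
std::size_t safePaintedCount() { FrameView v = makeView(); v.endDeferredRepaintsSafe(); return v.painted.size(); }
```

With three queued rects, the cached-size loop paints only the first one and then indexes an emptied vector twice; the swapped loop paints all three.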
