delta/qt5/qtwebkit.git - code.qt.io: qt/qtwebkit.git

diff options

author	Allan Sandfeld Jensen <allan.jensen@digia.com>	2013-01-23 11:52:54 +0100
committer	The Qt Project <gerrit-noreply@qt-project.org>	2013-01-23 12:45:19 +0100
commit	3a94b1a765225089e710e11626ecee20de516ec6 (patch)
tree	d7a86d6634b9f274a556d9504c1a48f70177d5cd /Source/JavaScriptCore/runtime/JSObject.cpp
parent	28b2bb706534bc641f475dbc3e5cf32b9f39fb8c (diff)
download	qtwebkit-3a94b1a765225089e710e11626ecee20de516ec6.tar.gz

Fixing memory read after free in CanvasRenderingContext2D::accessFont

https://bugs.webkit.org/show_bug.cgi?id=106244 Reviewed by Abhishek Arya. Using a temporary String object to hold ref count on string that is passed by reference in CanvasRenderingContext2D::accessFont. Test: fast/canvas/canvas-measureText.html * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::accessFont): Change-Id: Icfab9c7b7e870af9ca9ba05a1b803b51a9a329ad Reviewed-by: Zeno Albisser <zeno.albisser@digia.com>

Diffstat (limited to 'Source/JavaScriptCore/runtime/JSObject.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: