diff options
| author | John Reck <jreck@google.com> | 2012-04-26 11:31:44 -0700 |
|---|---|---|
| committer | John Reck <jreck@google.com> | 2012-04-26 11:31:44 -0700 |
| commit | 74448d56dfb0a3123af451319ff7b897e15774ce (patch) | |
| tree | fe6f95c348db03873313374b502e175b4a146454 /Source/WebKit/android/WebCoreSupport | |
| parent | 2ad54828a335c8e7337ab1f1077253689630a6d2 (diff) | |
| download | external_webkit-74448d56dfb0a3123af451319ff7b897e15774ce.zip external_webkit-74448d56dfb0a3123af451319ff7b897e15774ce.tar.gz external_webkit-74448d56dfb0a3123af451319ff7b897e15774ce.tar.bz2 | |
Fix use after free
Bug: 6396295
Change-Id: I7c115a06ee7605956d205d1401b84d1118c8be85
Diffstat (limited to 'Source/WebKit/android/WebCoreSupport')
| -rw-r--r-- | Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp b/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp index d7c21e3..271fe58 100644 --- a/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp +++ b/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp @@ -945,11 +945,11 @@ void FrameLoaderClientAndroid::transitionToCommittedForNewPage() { Retain(webViewCore); // Save the old WebFrameView's bounds and apply them to the new WebFrameView - WebFrameView* oldWebFrameView = static_cast<WebFrameView*> (m_frame->view()->platformWidget()); + RefPtr<WebCore::FrameView> oldFrameView = m_frame->view(); + WebFrameView* oldWebFrameView = static_cast<WebFrameView*> (oldFrameView->platformWidget()); IntRect bounds; if (oldWebFrameView) bounds = oldWebFrameView->getBounds(); - WebCore::FrameView* oldFrameView = m_frame->view(); const float oldZoomFactor = oldFrameView->frame()->textZoomFactor(); m_frame->createView(bounds.size(), oldFrameView->baseBackgroundColor(), oldFrameView->isTransparent(), oldFrameView->fixedLayoutSize(), oldFrameView->useFixedLayout()); |