external_webkit.git - external/webkit

diff options

author	Cary Clark <cary@android.com>	2010-09-30 15:14:40 -0400
committer	Cary Clark <cary@android.com>	2010-09-30 15:14:40 -0400
commit	8180f8161470f2d0d6080c64149cf25ed3b755a5 (patch)
tree	387418df0beb238b165021ac40a1f76a175e34e0 /WebKit/android/nav/WebView.cpp
parent	1441f89dceb65cbe25d23b1b90005e51d3ed28bd (diff)
download	external_webkit-8180f8161470f2d0d6080c64149cf25ed3b755a5.zip external_webkit-8180f8161470f2d0d6080c64149cf25ed3b755a5.tar.gz external_webkit-8180f8161470f2d0d6080c64149cf25ed3b755a5.tar.bz2

Do not merge: fix array overwrite crasher

If two nodes have the same coordinates, one is deleted. If either has focus, the focus needs to be transfered to the other, and the focus index recomputed, so the index won't point to the wrong node. If the two nodes are at the end of the list, the index may point off the end of the array, subsequently crashing on access. This is a possible security issue. Change-Id: I1ca934074637fbf68e40318fbc354e28c6b474ba http://b/3043268

Diffstat (limited to 'WebKit/android/nav/WebView.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: