1b548ea - platform/external/chromium_org/third_party/WebKit

commit	1b548ea8a1685e6d324d89788f6622d897f8ecdf	[log] [tgz]
author	Selim Gurun <sgurun@google.com>	Wed Nov 13 17:11:32 2013 -0800
committer	Selim Gurun <sgurun@google.com>	Wed Nov 13 17:11:32 2013 -0800
tree	4100e294bafa798f117b0d44a82b3449fda99e00
parent	070b047c9a75d418df397df222b35beacf212a9c [diff]

Heap-use-after-free in WebCore::RenderObject::childAt

Bug: 11676314

This is a cherry pick of https://codereview.chromium.org/30663003.
Note that it is a cherry-pick of the code only (not the layout
tests). The cherry pick had one minor modification from a reference
to a pointer type.

Change-Id: I4aa902aaa04970eba548ad2eac6d2a288f60bc49

Source/core/dom/ContainerNode.cpp[diff]

1 file changed

tree: 4100e294bafa798f117b0d44a82b3449fda99e00

ManualTests/
PerformanceTests/
public/
Source/
Tools/
.gitattributes
.gitignore
.merged-revisions
codereview.settings
OWNERS
PRESUBMIT.py
WATCHLISTS