19 lines
1.3 KiB
Diff
19 lines
1.3 KiB
Diff
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/FrameLoader.cpp.cve-2010-0047-call-after-free qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/FrameLoader.cpp
|
|
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/FrameLoader.cpp.cve-2010-0047-call-after-free 2010-02-11 16:55:19.000000000 +0100
|
|
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/FrameLoader.cpp 2010-05-06 12:21:13.852469331 +0200
|
|
@@ -1260,9 +1260,11 @@ bool FrameLoader::requestObject(RenderPa
|
|
|
|
ASSERT(renderer->node()->hasTagName(objectTag) || renderer->node()->hasTagName(embedTag));
|
|
HTMLPlugInElement* element = static_cast<HTMLPlugInElement*>(renderer->node());
|
|
-
|
|
- // FIXME: OK to always make a new frame? When does the old frame get removed?
|
|
- return loadSubframe(element, completedURL, frameName, m_outgoingReferrer);
|
|
+
|
|
+ // If the plug-in element already contains a subframe, requestFrame will re-use it. Otherwise,
|
|
+ // it will create a new frame and set it as the RenderPart's widget, causing what was previously
|
|
+ // in the widget to be torn down.
|
|
+ return requestFrame(element, completedURL, frameName);
|
|
}
|
|
|
|
bool FrameLoader::shouldUsePlugin(const KURL& url, const String& mimeType, bool hasFallback, bool& useFallback)
|