The PODFreeListArena class doesn't actually deallocate objects when they're freed, so address sanitizer builds of WebKit won't catch use-after-free issues with objects that use it.
Created attachment 223542: Patch v1
Comment on attachment 223542 (Patch v1):
Clearing flags on attachment: 223542
Committed r163693: <http://trac.webkit.org/changeset/163693>
All reviewed patches have been landed. Closing bug.
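The problem in the bug description, shown as an added C++ example that is not WebKit's code and not taken from the patch. `FreeListArena` is a hypothetical stand-in for a free-list arena: a freed slot stays in arena-owned memory and is recycled, so AddressSanitizer sees nothing unless the arena poisons freed slots itself. The manual poisoning here is one common approach and an assumption, not a statement of what r163693 changed.

```cpp
// Added illustration: FreeListArena is a hypothetical stand-in, not WebKit's PODFreeListArena.
#include <cstddef>
#if defined(__SANITIZE_ADDRESS__)
#define ARENA_ASAN 1
#elif defined(__has_feature)
#if __has_feature(address_sanitizer)
#define ARENA_ASAN 1
#endif
#endif
#ifdef ARENA_ASAN
#include <sanitizer/asan_interface.h>
#else  // Plain builds: poisoning compiles away.
#define ASAN_POISON_MEMORY_REGION(addr, size) ((void)(addr), (void)(size))
#define ASAN_UNPOISON_MEMORY_REGION(addr, size) ((void)(addr), (void)(size))
#endif

template <typename T, std::size_t N>
class FreeListArena {
    union Slot { Slot* next; alignas(T) unsigned char storage[sizeof(T)]; };
    Slot m_slots[N];
    Slot* m_free = nullptr;
    std::size_t m_used = 0;
public:
    ~FreeListArena() { ASAN_UNPOISON_MEMORY_REGION(m_slots, sizeof(m_slots)); }
    void* allocate() {
        if (!m_free) return m_used < N ? &m_slots[m_used++] : nullptr;
        Slot* s = m_free;
        ASAN_UNPOISON_MEMORY_REGION(s, sizeof(Slot)); // slot is live again
        m_free = s->next;
        return s;
    }
    void free(void* p) {
        Slot* s = static_cast<Slot*>(p);
        s->next = m_free; // memory stays inside the arena; nothing goes back to the heap
        m_free = s;
        ASAN_POISON_MEMORY_REGION(s, sizeof(Slot)); // stale access now faults under ASan
    }
};

struct Node { int value; };

// True when a freed slot is handed straight back: a stale pointer aliases a live object.
bool freedSlotIsRecycled() {
    FreeListArena<Node, 4> arena;
    void* first = arena.allocate();
    arena.free(first);
    return arena.allocate() == first;
}
```

Built with `-fsanitize=address`, a read through a pointer kept across `free()` is reported as a use-after-poison error; without the two poisoning calls the same read passes silently.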