Issue 102823002: Fix possible use-after-free in WGC3D shared context map

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 102823002: Fix possible use-after-free in WGC3D shared context map (Closed)

Created:
7 years ago by no sievers

Modified:
7 years ago

Reviewers:
Ken Russell (switch to Gerrit), piman

CC:
chromium-reviews, joi+watch-content_chromium.org, jam, sievers+watch_chromium.org, jbauman+watch_chromium.org, darin-cc_chromium.org, kalyank, piman+watch_chromium.org, danakj+watch_chromium.org, bajones

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

Fix possible use-after-free in WGC3D shared context map Remove WGC3D from the map in Destroy() rather than ~WGC3DCBImpl(), because removal from the multimap needs |host_|. Otherwise it's possible that MaybeInitializeGL() and CreateContext() fail and call Destroy(), which resets |host_|, and we already inserted ourselves in the map. BUG=325071 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=238546