Chromium Code Reviews

Issue 1264503011: Double free in ~SkPictureData() (Closed)

Created:
5 years, 4 months ago by f(malita)
Modified:
5 years, 4 months ago
Reviewers:
mtklein, reed1
CC:
reviews_skia.org
Base URL:
https://chromium.googlesource.com/skia.git@master
Target Ref:
refs/heads/master
Project:
skia
Visibility:
Public.

Description

Double free in ~SkPictureData()

On subpicture parsing failures we clean up all fPictureRefs entries *and* delete the array itself. But the destructor also deletes the array => double free.

Alternatively, we can set fPictureCount to the number of successfully parsed pictures such that the destructor handles all the cleanup.

BUG=515228
R=reed@google.com,mtklein@google.com

Committed: https://skia.googlesource.com/skia/+/5479d3b5690c274bb53c78333c7c4d41cd5f9137
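
An added illustration of the ownership rule in the description above (not Skia's code and not part of this change): the parse-failure path frees nothing and leaves the count at the number of entries actually parsed, so the destructor is the single owner of cleanup. `Pic`, `PictureData`, `parseOne` and the zero-byte failure marker are hypothetical stand-ins.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical stand-in for a subpicture; counts live objects so leaks show up.
struct Pic {
    static int live;
    Pic() { ++live; }
    ~Pic() { --live; }
};
int Pic::live = 0;

// Hypothetical parser: a zero byte marks a subpicture that fails to parse.
static Pic* parseOne(unsigned char b) { return b ? new Pic : nullptr; }

class PictureData {
public:
    ~PictureData() {
        // Only place that releases the entries and the array itself.
        for (int i = 0; i < fCount; ++i) delete fRefs[i];
        delete[] fRefs;
    }

    // Single-use: call once per object (assumption of this sketch).
    bool parse(const std::vector<unsigned char>& in) {
        fRefs = new Pic*[in.size()];
        fCount = 0;
        for (unsigned char b : in) {
            Pic* p = parseOne(b);
            if (!p) {
                // Pattern the description calls out, shown as a comment only:
                //   for (j = 0; j < parsed; ++j) delete fRefs[j];
                //   delete[] fRefs;   // destructor deletes fRefs again
                // fCount already equals the number of parsed entries, so
                // returning is enough; ~PictureData() frees each thing once.
                return false;
            }
            fRefs[fCount++] = p;
        }
        return true;
    }

    int count() const { return fCount; }

private:
    Pic** fRefs = nullptr;
    int fCount = 0;
};
```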

Patch Set 1 #

Total comments: 1

Patch Set 2 : improved version/review #

Total comments: 2

Patch Set 3 : indent #

M src/core/SkPictureData.cpp: 1 chunk, +6 lines, -18 lines, 0 comments

Messages

Total messages: 19 (6 generated)
f(malita)
We could also just null the pointer after SkDELETE_ARRAY, but this feels DRYer.
5 years, 4 months ago (2015-07-29 21:04:25 UTC) #1
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1264503011/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1264503011/1
5 years, 4 months ago (2015-07-29 21:04:52 UTC) #3
mtklein
lgtm, but my version lbtm.
https://codereview.chromium.org/1264503011/diff/1/src/core/SkPictureData.cpp
File src/core/SkPictureData.cpp (right):
https://codereview.chromium.org/1264503011/diff/1/src/core/SkPictureData.cpp#newcode380
src/core/SkPictureData.cpp:380: for ( ; i ...
5 years, 4 months ago (2015-07-29 21:09:22 UTC) #4
commit-bot: I haz the power
Dry run: This issue passed the CQ dry run.
5 years, 4 months ago (2015-07-29 21:13:23 UTC) #6
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1264503011/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1264503011/20001
5 years, 4 months ago (2015-07-29 21:20:55 UTC) #8
f(malita)
On 2015/07/29 21:09:22, mtklein wrote:
> lgtm, but my version lbtm.
Thanks, lbtm2. Done.
5 years, 4 months ago (2015-07-29 21:21:25 UTC) #9
mtklein
https://codereview.chromium.org/1264503011/diff/20001/src/core/SkPictureData.cpp
File src/core/SkPictureData.cpp (right):
https://codereview.chromium.org/1264503011/diff/20001/src/core/SkPictureData.cpp#newcode380
src/core/SkPictureData.cpp:380: if (!fPictureRefs[i]) {
Is it just codereview or is ...
5 years, 4 months ago (2015-07-29 21:22:43 UTC) #10
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1264503011/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1264503011/40001
5 years, 4 months ago (2015-07-29 21:24:57 UTC) #12
f(malita)
https://codereview.chromium.org/1264503011/diff/20001/src/core/SkPictureData.cpp
File src/core/SkPictureData.cpp (right):
https://codereview.chromium.org/1264503011/diff/20001/src/core/SkPictureData.cpp#newcode380
src/core/SkPictureData.cpp:380: if (!fPictureRefs[i]) {
On 2015/07/29 21:22:43, mtklein wrote:
> ...
5 years, 4 months ago (2015-07-29 21:26:08 UTC) #13
mtklein
lgtm
5 years, 4 months ago (2015-07-29 21:27:27 UTC) #14
commit-bot: I haz the power
Dry run: This issue passed the CQ dry run.
5 years, 4 months ago (2015-07-29 21:33:02 UTC) #16
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1264503011/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1264503011/40001
5 years, 4 months ago (2015-07-29 21:39:21 UTC) #18
commit-bot: I haz the power
5 years, 4 months ago (2015-07-29 21:40:10 UTC) #19
Message was sent while issue was closed.
Committed patchset #3 (id:40001) as
https://skia.googlesource.com/skia/+/5479d3b5690c274bb53c78333c7c4d41cd5f9137
