Fix use-after-delete in ParseContext.cpp.
This bug was exposed after a refactoring from the translator.
BUG=None
TEST=angle_unittests,angle_end2end_tests
Change-Id: I13fddcbe84f87826068a557f139f6e35c674571e
Reviewed-on: https://chromium-review.googlesource.com/287832
Reviewed-by: Zhenyao Mo <zmo@chromium.org>
Tested-by: Jamie Madill <jmadill@chromium.org>
diff --git a/src/compiler/translator/ParseContext.cpp b/src/compiler/translator/ParseContext.cpp
index 46701df..a3d5646 100644
--- a/src/compiler/translator/ParseContext.cpp
+++ b/src/compiler/translator/ParseContext.cpp
@@ -930,8 +930,7 @@
if (!symbolTable.declare(*variable))
{
error(line, "redefinition", identifier.c_str());
- delete (*variable);
- (*variable) = nullptr;
+ *variable = nullptr;
return false;
}
@@ -1884,10 +1883,13 @@
//
// Insert the parameters with name in the symbol table.
//
- if (!symbolTable.declare(variable)) {
+ if (!symbolTable.declare(variable))
+ {
error(location, "redefinition", variable->getName().c_str());
recover();
- delete variable;
+ paramNodes = intermediate.growAggregate(
+ paramNodes, intermediate.addSymbol(0, "", *param.type, location), location);
+ continue;
}
//
@@ -3758,7 +3760,6 @@
recover();
}
}
- delete fnCall;
return callNode;
}