Fix use-after-free when deleting share contexts.
The pattern of gen context, share context, free context, then allocate
a shared GL object in the second context would cause a use-after-free
of the ContextImpl as a GLFactory. Fix this by passing the factory
as a parameter to the resource manager allocation methods instead of
storing the factory pointer. This allows the same ResourceManager to
work with separate Context implementations, which will work with
non-virtual contexts.
BUG=612931
Change-Id: Ifceeb893bebd072f318963d935ff9d17181f5305
Reviewed-on: https://chromium-review.googlesource.com/347463
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Commit-Queue: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
diff --git a/src/libANGLE/Context.cpp b/src/libANGLE/Context.cpp
index 2ef7972..750f4a4 100644
--- a/src/libANGLE/Context.cpp
+++ b/src/libANGLE/Context.cpp
@@ -162,7 +162,7 @@
}
else
{
- mResourceManager = new ResourceManager(mImplementation.get());
+ mResourceManager = new ResourceManager();
}
mData.resourceManager = mResourceManager;
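Review bot: The `new ResourceManager()` line should carry a comment recording the ownership rule this fix depends on, because nothing at the construction site now explains why no factory is passed. Something like `// ResourceManager keeps no GLFactory pointer: a shared manager can outlive the Context that created it, so every allocation call is handed the calling context's implementation.` would do. Per the commit description, the use-after-free came from a stored factory pointer outliving its context, and the same bug would return if a later change cached the argument again. The `if` arm that presumably handles the share-context case is outside this hunk.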
@@ -411,12 +411,13 @@
GLuint Context::createProgram()
{
- return mResourceManager->createProgram();
+ return mResourceManager->createProgram(mImplementation.get());
}
GLuint Context::createShader(GLenum type)
{
- return mResourceManager->createShader(mImplementation->getNativeLimitations(), type);
+ return mResourceManager->createShader(mImplementation.get(),
+ mImplementation->getNativeLimitations(), type);
}
GLuint Context::createTexture()
@@ -431,7 +432,7 @@
GLsync Context::createFenceSync()
{
- GLuint handle = mResourceManager->createFenceSync();
+ GLuint handle = mResourceManager->createFenceSync(mImplementation.get());
return reinterpret_cast<GLsync>(static_cast<uintptr_t>(handle));
}
@@ -706,13 +707,13 @@
void Context::bindArrayBuffer(GLuint bufferHandle)
{
- Buffer *buffer = mResourceManager->checkBufferAllocation(bufferHandle);
+ Buffer *buffer = mResourceManager->checkBufferAllocation(mImplementation.get(), bufferHandle);
mState.setArrayBufferBinding(buffer);
}
void Context::bindElementArrayBuffer(GLuint bufferHandle)
{
- Buffer *buffer = mResourceManager->checkBufferAllocation(bufferHandle);
+ Buffer *buffer = mResourceManager->checkBufferAllocation(mImplementation.get(), bufferHandle);
mState.getVertexArray()->setElementArrayBuffer(buffer);
}
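Review bot: `mImplementation.get()` is now repeated by hand at every `checkBufferAllocation` call: here in bindArrayBuffer and bindElementArrayBuffer, and again in bindGenericUniformBuffer and the hunks at -775 and -790. The fix is only sound if each call passes the implementation of the context making the call, so a single private wrapper would keep that invariant in one place, e.g. `Buffer *Context::checkBufferAllocation(GLuint handle) { return mResourceManager->checkBufferAllocation(mImplementation.get(), handle); }`. This needs a declaration in the class header, which is not part of this page.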
@@ -726,7 +727,7 @@
}
else
{
- texture = mResourceManager->checkTextureAllocation(handle, target);
+ texture = mResourceManager->checkTextureAllocation(mImplementation.get(), handle, target);
}
ASSERT(texture);
@@ -747,7 +748,8 @@
void Context::bindRenderbuffer(GLuint renderbufferHandle)
{
- Renderbuffer *renderbuffer = mResourceManager->checkRenderbufferAllocation(renderbufferHandle);
+ Renderbuffer *renderbuffer =
+ mResourceManager->checkRenderbufferAllocation(mImplementation.get(), renderbufferHandle);
mState.setRenderbufferBinding(renderbuffer);
}
@@ -760,13 +762,14 @@
void Context::bindSampler(GLuint textureUnit, GLuint samplerHandle)
{
ASSERT(textureUnit < mCaps.maxCombinedTextureImageUnits);
- Sampler *sampler = mResourceManager->checkSamplerAllocation(samplerHandle);
+ Sampler *sampler =
+ mResourceManager->checkSamplerAllocation(mImplementation.get(), samplerHandle);
mState.setSamplerBinding(textureUnit, sampler);
}
void Context::bindGenericUniformBuffer(GLuint bufferHandle)
{
- Buffer *buffer = mResourceManager->checkBufferAllocation(bufferHandle);
+ Buffer *buffer = mResourceManager->checkBufferAllocation(mImplementation.get(), bufferHandle);
mState.setGenericUniformBufferBinding(buffer);
}
@@ -775,13 +778,13 @@
GLintptr offset,
GLsizeiptr size)
{
- Buffer *buffer = mResourceManager->checkBufferAllocation(bufferHandle);
+ Buffer *buffer = mResourceManager->checkBufferAllocation(mImplementation.get(), bufferHandle);
mState.setIndexedUniformBufferBinding(index, buffer, offset, size);
}
void Context::bindGenericTransformFeedbackBuffer(GLuint bufferHandle)
{
- Buffer *buffer = mResourceManager->checkBufferAllocation(bufferHandle);
+ Buffer *buffer = mResourceManager->checkBufferAllocation(mImplementation.get(), bufferHandle);
mState.getCurrentTransformFeedback()->bindGenericBuffer(buffer);
}
@@ -790,31 +793,31 @@
GLintptr offset,
GLsizeiptr size)
{
- Buffer *buffer = mResourceManager->checkBufferAllocation(bufferHandle);
+ Buffer *buffer = mResourceManager->checkBufferAllocation(mImplementation.get(), bufferHandle);
mState.getCurrentTransformFeedback()->bindIndexedBuffer(index, buffer, offset, size);
}
void Context::bindCopyReadBuffer(GLuint bufferHandle)
{
- Buffer *buffer = mResourceManager->checkBufferAllocation(bufferHandle);
+ Buffer *buffer = mResourceManager->checkBufferAllocation(mImplementation.get(), bufferHandle);
mState.setCopyReadBufferBinding(buffer);
}
void Context::bindCopyWriteBuffer(GLuint bufferHandle)
{
- Buffer *buffer = mResourceManager->checkBufferAllocation(bufferHandle);
+ Buffer *buffer = mResourceManager->checkBufferAllocation(mImplementation.get(), bufferHandle);
mState.setCopyWriteBufferBinding(buffer);
}
void Context::bindPixelPackBuffer(GLuint bufferHandle)
{
- Buffer *buffer = mResourceManager->checkBufferAllocation(bufferHandle);
+ Buffer *buffer = mResourceManager->checkBufferAllocation(mImplementation.get(), bufferHandle);
mState.setPixelPackBufferBinding(buffer);
}
void Context::bindPixelUnpackBuffer(GLuint bufferHandle)
{
- Buffer *buffer = mResourceManager->checkBufferAllocation(bufferHandle);
+ Buffer *buffer = mResourceManager->checkBufferAllocation(mImplementation.get(), bufferHandle);
mState.setPixelUnpackBufferBinding(buffer);
}
@@ -1910,7 +1913,7 @@
void Context::samplerParameteri(GLuint sampler, GLenum pname, GLint param)
{
- mResourceManager->checkSamplerAllocation(sampler);
+ mResourceManager->checkSamplerAllocation(mImplementation.get(), sampler);
Sampler *samplerObject = getSampler(sampler);
ASSERT(samplerObject);
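Review bot: In samplerParameteri the result of `checkSamplerAllocation(mImplementation.get(), sampler)` is discarded and the object is looked up a second time through `getSampler(sampler)`, with only `ASSERT(samplerObject)` guarding whatever uses the pointer after the hunk. The bindSampler hunk shows the call returns a `Sampler *`, so the two lines can become `Sampler *samplerObject = mResourceManager->checkSamplerAllocation(mImplementation.get(), sampler);`. If ASSERT is compiled out in release builds, a null result for a zero or otherwise invalid handle would be dereferenced unless validation elsewhere rejects it, so an explicit `if (!samplerObject) return;` is worth considering (the getters would need to return a value). The same pattern appears in samplerParameterf, getSamplerParameteri and getSamplerParameterf, and all four bodies continue outside their hunks.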
@@ -1935,7 +1938,7 @@
void Context::samplerParameterf(GLuint sampler, GLenum pname, GLfloat param)
{
- mResourceManager->checkSamplerAllocation(sampler);
+ mResourceManager->checkSamplerAllocation(mImplementation.get(), sampler);
Sampler *samplerObject = getSampler(sampler);
ASSERT(samplerObject);
@@ -1960,7 +1963,7 @@
GLint Context::getSamplerParameteri(GLuint sampler, GLenum pname)
{
- mResourceManager->checkSamplerAllocation(sampler);
+ mResourceManager->checkSamplerAllocation(mImplementation.get(), sampler);
Sampler *samplerObject = getSampler(sampler);
ASSERT(samplerObject);
@@ -1985,7 +1988,7 @@
GLfloat Context::getSamplerParameterf(GLuint sampler, GLenum pname)
{
- mResourceManager->checkSamplerAllocation(sampler);
+ mResourceManager->checkSamplerAllocation(mImplementation.get(), sampler);
Sampler *samplerObject = getSampler(sampler);
ASSERT(samplerObject);