Fix use-after-free when deleting share contexts.
The pattern of gen context, share context, free context, then allocate
a shared GL object in the second context would cause a use-after-free
of the ContextImpl as a GLFactory. Fix this by passing the factory
as a parameter to the resource manager allocation methods instead of
storing the factory pointer. This allows the same ResourceManager to
work with separate Context implementations, which will work with
non-virtual contexts.
BUG=612931
Change-Id: Ifceeb893bebd072f318963d935ff9d17181f5305
Reviewed-on: https://chromium-review.googlesource.com/347463
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Commit-Queue: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
diff --git a/src/libANGLE/ResourceManager.cpp b/src/libANGLE/ResourceManager.cpp
index 5c5d907..7fb7109 100644
--- a/src/libANGLE/ResourceManager.cpp
+++ b/src/libANGLE/ResourceManager.cpp
@@ -20,7 +20,7 @@
namespace gl
{
-ResourceManager::ResourceManager(rx::GLImplFactory *factory) : mFactory(factory), mRefCount(1)
+ResourceManager::ResourceManager() : mRefCount(1)
{
}
@@ -86,13 +86,15 @@
}
// Returns an unused shader/program name
-GLuint ResourceManager::createShader(const gl::Limitations &rendererLimitations, GLenum type)
+GLuint ResourceManager::createShader(rx::GLImplFactory *factory,
+ const gl::Limitations &rendererLimitations,
+ GLenum type)
{
GLuint handle = mProgramShaderHandleAllocator.allocate();
if (type == GL_VERTEX_SHADER || type == GL_FRAGMENT_SHADER)
{
- mShaderMap[handle] = new Shader(this, mFactory, rendererLimitations, type, handle);
+ mShaderMap[handle] = new Shader(this, factory, rendererLimitations, type, handle);
}
else UNREACHABLE();
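Review bot: The `factory` passed to `new Shader(this, factory, rendererLimitations, type, handle)` is still a raw, non-owning pointer, and nothing in this hunk says whether the created object may keep it. If the Shader constructor stores it (not visible here), the dangling-pointer risk described in the commit message would move from the ResourceManager into a shared object that can outlive the context that created it. The same question applies to `new Program(factory, this, handle)`, `new Texture(factory, handle, type)` and `new Sampler(factory, samplerHandle)` in the later hunks. I would state the contract above each of these methods, e.g. `// |factory| is borrowed for this call only; objects created here must not retain it.`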
@@ -100,11 +102,11 @@
}
// Returns an unused program/shader name
-GLuint ResourceManager::createProgram()
+GLuint ResourceManager::createProgram(rx::GLImplFactory *factory)
{
GLuint handle = mProgramShaderHandleAllocator.allocate();
- mProgramMap[handle] = new Program(mFactory, this, handle);
+ mProgramMap[handle] = new Program(factory, this, handle);
return handle;
}
@@ -140,11 +142,11 @@
}
// Returns the next unused fence name, and allocates the fence
-GLuint ResourceManager::createFenceSync()
+GLuint ResourceManager::createFenceSync(rx::GLImplFactory *factory)
{
GLuint handle = mFenceSyncHandleAllocator.allocate();
- FenceSync *fenceSync = new FenceSync(mFactory->createFenceSync(), handle);
+ FenceSync *fenceSync = new FenceSync(factory->createFenceSync(), handle);
fenceSync->addRef();
mFenceSyncMap[handle] = fenceSync;
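Review bot: `factory->createFenceSync()` dereferences the new parameter with no check, and because the factory is no longer fixed at construction, every call site now has to supply a valid one. A debug check at the top of the function, `ASSERT(factory != nullptr);`, would turn a bad caller into an immediate, attributable failure instead of a null dereference. The same applies to `factory->createBuffer()` in checkBufferAllocation and `factory->createRenderbuffer()` in checkRenderbufferAllocation. createFenceSync's body continues past the end of this hunk.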
@@ -355,7 +357,7 @@
mRenderbufferMap[handle] = buffer;
}
-Buffer *ResourceManager::checkBufferAllocation(GLuint handle)
+Buffer *ResourceManager::checkBufferAllocation(rx::GLImplFactory *factory, GLuint handle)
{
if (handle == 0)
{
@@ -370,7 +372,7 @@
return bufferMapIt->second;
}
- Buffer *buffer = new Buffer(mFactory->createBuffer(), handle);
+ Buffer *buffer = new Buffer(factory->createBuffer(), handle);
buffer->addRef();
if (handleAllocated)
@@ -386,7 +388,9 @@
return buffer;
}
-Texture *ResourceManager::checkTextureAllocation(GLuint handle, GLenum type)
+Texture *ResourceManager::checkTextureAllocation(rx::GLImplFactory *factory,
+ GLuint handle,
+ GLenum type)
{
if (handle == 0)
{
@@ -401,7 +405,7 @@
return textureMapIt->second;
}
- Texture *texture = new Texture(mFactory, handle, type);
+ Texture *texture = new Texture(factory, handle, type);
texture->addRef();
if (handleAllocated)
@@ -417,7 +421,8 @@
return texture;
}
-Renderbuffer *ResourceManager::checkRenderbufferAllocation(GLuint handle)
+Renderbuffer *ResourceManager::checkRenderbufferAllocation(rx::GLImplFactory *factory,
+ GLuint handle)
{
if (handle == 0)
{
@@ -432,7 +437,7 @@
return renderbufferMapIt->second;
}
- Renderbuffer *renderbuffer = new Renderbuffer(mFactory->createRenderbuffer(), handle);
+ Renderbuffer *renderbuffer = new Renderbuffer(factory->createRenderbuffer(), handle);
renderbuffer->addRef();
if (handleAllocated)
@@ -448,7 +453,7 @@
return renderbuffer;
}
-Sampler *ResourceManager::checkSamplerAllocation(GLuint samplerHandle)
+Sampler *ResourceManager::checkSamplerAllocation(rx::GLImplFactory *factory, GLuint samplerHandle)
{
// Samplers cannot be created via Bind
if (samplerHandle == 0)
@@ -460,7 +465,7 @@
if (!sampler)
{
- sampler = new Sampler(mFactory, samplerHandle);
+ sampler = new Sampler(factory, samplerHandle);
mSamplerMap[samplerHandle] = sampler;
sampler->addRef();
}