Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / skqp / 5479d3b5690c274bb53c78333c7c4d41cd5f9137
commit5479d3b5690c274bb53c78333c7c4d41cd5f9137[log] [tgz]
authorfmalita <fmalita@chromium.org>Wed Jul 29 14:40:06 2015 -0700
committerCommit bot <commit-bot@chromium.org>Wed Jul 29 14:40:06 2015 -0700
treedc3f6b23f68ce347a7289bc52f651a9bce9ab463
parent3ac6b7551dc7aa182018f96b32f6e516305333ee [diff]
Double free in ~SkPictureData()

On subpicture parsing failures we clean up all fPictureRefs entries
*and* delete the array itself.  But the destructor also deletes the
array => double free.

Alternatively, we can set fPictureCount to the number of successfully
parsed pictures such that the destructor handles all the cleanup.

BUG=515228
R=reed@google.com,mtklein@google.com

Review URL: https://codereview.chromium.org/1264503011
1 file changed
tree: dc3f6b23f68ce347a7289bc52f651a9bce9ab463
  1. animations/
  2. bench/
  3. bin/
  4. debugger/
  5. dm/
  6. example/
  7. experimental/
  8. forth/
  9. gm/
  10. gyp/
  11. include/
  12. infra/
  13. platform_tools/
  14. resources/
  15. samplecode/
  16. site/
  17. src/
  18. tests/
  19. third_party/
  20. tools/
  21. .gitignore
  22. AUTHORS
  23. codereview.settings
  24. CONTRIBUTING
  25. CQ_COMMITTERS
  26. DEPS
  27. Doxyfile
  28. gyp_skia
  29. gyp_skia.py
  30. HASHTAGS
  31. LICENSE
  32. make.bat
  33. make.py
  34. Makefile
  35. OWNERS
  36. PRESUBMIT.py
  37. README
  38. README.chromium
  39. skia.gyp
  40. SKP_VERSION
  41. whitespace.txt