AuroraMiddleware/skia2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fixed use-after-free in sksl switch statements

Browse Source 
Bug: skia:
Change-Id: I66ef1cd2af9c654bfa40a71b2218cfde49f3a54e
Reviewed-on: https://skia-review.googlesource.com/24329
Reviewed-by: Brian Salomon <bsalomon@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
This commit is contained in:
Ethan Nicholas 2017-07-18 13:22:37 -04:00 committed by Skia Commit-Bot
parent 140635504c
commit c432b0ca8a
3 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/sksl/SkSLCompiler.cpp
View File

@ -846,7 +846,7 @@ static std::unique_ptr<Statement> block_for_case(SwitchStatement* s, SwitchCase*
for (const auto& s : statementPtrs) {
statements.push_back(std::move(*s));
}
return std::unique_ptr<Statement>(new Block(Position(), std::move(statements)));
return std::unique_ptr<Statement>(new Block(Position(), std::move(statements), s->fSymbols));
}
void Compiler::simplifyStatement(DefinitionMap& definitions,

3
src/sksl/SkSLIRGenerator.cpp
View File

@ -457,7 +457,8 @@ std::unique_ptr<Statement> IRGenerator::convertSwitch(const ASTSwitchStatement&
std::move(statements)));
}
return std::unique_ptr<Statement>(new SwitchStatement(s.fPosition, s.fIsStatic,
std::move(value), std::move(cases)));
std::move(value), std::move(cases),
fSymbolTable));
}
std::unique_ptr<Statement> IRGenerator::convertExpressionStatement(

7
src/sksl/ir/SkSLSwitchStatement.h
View File

@ -18,10 +18,12 @@ namespace SkSL {
*/
struct SwitchStatement : public Statement {
SwitchStatement(Position position, bool isStatic, std::unique_ptr<Expression> value,
std::vector<std::unique_ptr<SwitchCase>> cases)
std::vector<std::unique_ptr<SwitchCase>> cases,
const std::shared_ptr<SymbolTable> symbols)
: INHERITED(position, kSwitch_Kind)
, fIsStatic(isStatic)
, fValue(std::move(value))
, fSymbols(std::move(symbols))
, fCases(std::move(cases)) {}
String description() const override {
@ -39,6 +41,9 @@ struct SwitchStatement : public Statement {
bool fIsStatic;
std::unique_ptr<Expression> fValue;
// it's important to keep fCases defined after (and thus destroyed before) fSymbols, because
// destroying statements can modify reference counts in symbols
const std::shared_ptr<SymbolTable> fSymbols;
std::vector<std::unique_ptr<SwitchCase>> fCases;
typedef Statement INHERITED;