translator: Fix builtin function emulator use-after-free.

src/compiler/translator/BuiltInFunctionEmulator.cpp

@@ -7,6 +7,7 @@
 #include "angle_gl.h"
 #include "compiler/translator/BuiltInFunctionEmulator.h"
 #include "compiler/translator/SymbolTable.h"
+#include "compiler/translator/Cache.h"
 
 class BuiltInFunctionEmulator::BuiltInFunctionEmulationMarker : public TIntermTraverser
 {
@@ -194,8 +195,8 @@ TString BuiltInFunctionEmulator::GetEmulatedFunctionName(
 BuiltInFunctionEmulator::FunctionId::FunctionId(TOperator op, const TType *param)
     : mOp(op),
       mParam1(param),
-      mParam2(new TType(EbtVoid)),
-      mParam3(new TType(EbtVoid))
+      mParam2(TCache::getType(EbtVoid)),
+      mParam3(TCache::getType(EbtVoid))
 {
 }
 
@@ -203,7 +204,7 @@ BuiltInFunctionEmulator::FunctionId::FunctionId(TOperator op, const TType *param
     : mOp(op),
       mParam1(param1),
       mParam2(param2),
-      mParam3(new TType(EbtVoid))
+      mParam3(TCache::getType(EbtVoid))
 {
 }
 

src/compiler/translator/Compiler.cpp

@@ -318,7 +318,10 @@ TIntermNode *TCompiler::compileTreeImpl(const char *const shaderStrings[],
         // Built-in function emulation needs to happen after validateLimitations pass.
         if (success)
         {
+            // TODO(jmadill): Remove global pool allocator.
+            GetGlobalPoolAllocator()->lock();
             initBuiltInFunctionEmulator(&builtInFunctionEmulator, compileOptions);
+            GetGlobalPoolAllocator()->unlock();
             builtInFunctionEmulator.MarkBuiltInFunctionsForEmulation(root);
         }
 

src/compiler/translator/PoolAlloc.cpp

@@ -6,16 +6,16 @@
 
 #include "compiler/translator/PoolAlloc.h"
 
-#include "compiler/translator/InitializeGlobals.h"
-
-#include "common/platform.h"
-#include "common/angleutils.h"
-#include "common/tls.h"
-
 #include <stdint.h>
 #include <stdio.h>
 #include <assert.h>
 
+#include "common/angleutils.h"
+#include "common/debug.h"
+#include "common/platform.h"
+#include "common/tls.h"
+#include "compiler/translator/InitializeGlobals.h"
+
 TLSIndex PoolIndex = TLS_INVALID_INDEX;
 
 bool InitializePoolIndex()
@@ -56,7 +56,8 @@ TPoolAllocator::TPoolAllocator(int growthIncrement, int allocationAlignment) :
     freeList(0),
     inUseList(0),
     numCalls(0),
-    totalBytes(0)
+    totalBytes(0),
+    mLocked(false)
 {
     //
     // Don't allow page sizes we know are smaller than all common
@@ -206,6 +207,8 @@ void TPoolAllocator::popAll()
 
 void* TPoolAllocator::allocate(size_t numBytes)
 {
+    ASSERT(!mLocked);
+
     //
     // Just keep some interesting statistics.
     //
@@ -284,6 +287,17 @@ void* TPoolAllocator::allocate(size_t numBytes)
     return initializeAllocation(inUseList, ret, numBytes);
 }
 
+void TPoolAllocator::lock()
+{
+    ASSERT(!mLocked);
+    mLocked = true;
+}
+
+void TPoolAllocator::unlock()
+{
+    ASSERT(mLocked);
+    mLocked = false;
+}
 
 //
 // Check all allocations in a list for damage by calling check on each.

src/compiler/translator/PoolAlloc.h

@@ -152,6 +152,11 @@ public:
     // by calling pop(), and to not have to solve memory leak problems.
     //
 
+    // Catch unwanted allocations.
+    // TODO(jmadill): Remove this when we remove the global allocator.
+    void lock();
+    void unlock();
+
 protected:
     friend struct tHeader;
     
@@ -211,6 +216,7 @@ protected:
 private:
     TPoolAllocator& operator=(const TPoolAllocator&);  // dont allow assignment operator
     TPoolAllocator(const TPoolAllocator&);  // dont allow default copy constructor
+    bool mLocked;
 };