Files · 80b2411a1e5cc8e3e7b1b92d82f18969ac79e045 · Chen Yisong / angle

Context: directly delete the resource instead of also detaching · 80b2411a

authored Aug 25, 2015

Otherwise when detaching vertex array 0 and N the following would happen:
 - call Context::deleteVertexArray(0)
   - call Context::detachVertexArray(0)
     - call State::removeVertexArrayBinding(0)
       set mVertexArray to nullptr, returns true
     - call State::bindVertexArray(0)
       reset mVertexArray to its previous value
 - call Context::deleteVertexArray(n)
   - call Context::detachVertexArray(n)
     - call State::removeVertexArrayBinding(n)
       Incorrectly call mVertexArray->id() which is a use after free.

BUG=angleproject:1137

Change-Id: I594044fee6c90b1775a61943b15df92bf323ff2a
Reviewed-on: https://chromium-review.googlesource.com/295123Reviewed-by: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Tested-by: Corentin Wallez <cwallez@chromium.org>

80b2411a

Name	Last commit	Last update
build		Loading commit data...
doc		Loading commit data...
extensions		Loading commit data...
include		Loading commit data...
samples		Loading commit data...
src		Loading commit data...
util		Loading commit data...
.clang-format		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
AUTHORS		Loading commit data...
BUILD.gn		Loading commit data...
CONTRIBUTORS		Loading commit data...
DEPS		Loading commit data...
LICENSE		Loading commit data...
README.chromium		Loading commit data...
README.md		Loading commit data...
angle.isolate		Loading commit data...
angle_on_all_platforms.isolate		Loading commit data...
codereview.settings		Loading commit data...

README.md