Fix potential null pointer dereference.

When the compiler does not perform return value optimization, the LockPtr<> destructor of the temporary object is called after the move constructor has set the Lock to null, thus causing a null pointer dereference in the destructor. This can be replicated using the -fno-elide-constructors build flag. Change-Id: Ie00c3f93364fdf78ea1993469b9a606b3c87ebdc Reviewed-on: https://chromium-review.googlesource.com/486985Reviewed-by: Jim Stichnoth <stichnot@chromium.org>

Fix potential null pointer dereference.
6c629dc3 · Nicolas Capens · Nicolas Capens · 47b6ba6d · 6c629dc3
Commit 6c629dc3 authored Apr 25, 2017 by Nicolas Capens Committed by Nicolas Capens Apr 25, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

IceDefs.h src/IceDefs.h +4 -1

No files found.
--- a/src/IceDefs.h
+++ b/src/IceDefs.h
@@ -398,7 +398,10 @@ public:
    Other.Value = nullptr;
    Other.Lock = nullptr;
  }
-  ~LockedPtr() { Lock->unlock(); }
+  ~LockedPtr() {
+    if (Lock != nullptr)
+      Lock->unlock();
+  }
  T *operator->() const { return Value; }
  T &operator*() const { return *Value; }
  T *get() { return Value; }