Closed Bug 603322 Opened 14 years ago Closed 14 years ago

new[] mismatch with delete instead of delete[] in TVariable::shareConstPointer

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
blocking2.0 --- -

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, crash)

Attachments

(1 file)

match allocator
(deleted), patch
Details | Diff | Splinter Review
Note: mismatched allocators can result in heap corruption. This isn't just a crash, it's actually *bad*. 71 class TVariable : public TSymbol { 72 public: 85 ConstantUnion* getConstPointer() 87 if (!unionArray) 88 unionArray = new ConstantUnion[type.getObjectSize()]; 90 return unionArray; 93 ConstantUnion* getConstPointer() const { return unionArray; } 95 void shareConstPointer( ConstantUnion *constArray) 97 delete unionArray; 98 unionArray = constArray; 944 bool TParseContext::executeInitializer(TSourceLoc line, TString& identifier, TPublicType& pType, 980 if (qualifier == EvqConst) { 992 if (initializer->getAsConstantUnion()) { 993 ConstantUnion* unionArray = variable->getConstPointer(); 994 995 if (type.getObjectSize() == 1 && type.getBasicType() != EbtStruct) { 997 } else { 998 variable->shareConstPointer(initializer->getAsConstantUnion()->getUnionArrayPointer());
blocking2.0: --- → ?
Attached patch match allocator (deleted) — Splinter Review
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Needs to be filed at http://code.google.com/p/angleproject/ -- please file further ANGLE bugs there.
blocking2.0: ? → -
fixed with the landing of bug 616290
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: