[Wayland-bugs] [Bug 61385] wayland-client.c:dispatch_event() dereferences proxy after free

Sun Mar 17 13:24:40 PDT 2013

https://bugs.freedesktop.org/show_bug.cgi?id=61385

Kristian Høgsberg <krh at bitplanet.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Kristian Høgsberg <krh at bitplanet.net> ---
commit e053a5625129bd11c301c9587f5f29cbda95c66d
Author: Jonas Ådahl <jadahl at gmail.com>
Date:   Thu Mar 7 23:32:39 2013 +0100

    client: Check reference count only for destroyed proxies

    The llvm static analyzer tool reported "Use of memory after it is freed"
    in dispatch_event() because the proxy is used after being freed if the
    reference count reaches zero without the destroyed flag being set. This
    would never happen in practice because the owner of the proxy object
    always holds a reference until calling wl_proxy_destroy() which would
    also set the destroyed flag.

    Since this is the case, it is safe to do the reference count check only
    if the destroyed flag is set, as it can never reach zero if not.

    This commit doesn't change the behavior of the function, but makes the
    static analyzer more happy.

    Fixes https://bugs.freedesktop.org/show_bug.cgi?id=61385

    Signed-off-by: Jonas Ådahl <jadahl at gmail.com>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-bugs/attachments/20130317/704f3539/attachment.html>