diff options
author | 2018-03-01 15:05:17 -0500 | |
---|---|---|
committer | 2018-03-01 20:42:04 +0000 | |
commit | 68dd2c1fa051019354d0c441c78b3885d8e72a7a (patch) | |
tree | 9b518d216d71742c1948c574db089bdc627b060e /src/sksl/ir/SkSLVariableReference.h | |
parent | a7f320507dcf765313e27001774042cf1882dfea (diff) |
Fixed SkSL use-after-free fuzzer bug and added defensive code to catch such problems in the future.
Bug: skia:7558
Change-Id: I5098c0ed08f2328828969e819db7785270b26656
Reviewed-on: https://skia-review.googlesource.com/111460
Reviewed-by: Greg Daniel <egdaniel@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
Diffstat (limited to 'src/sksl/ir/SkSLVariableReference.h')
-rw-r--r-- | src/sksl/ir/SkSLVariableReference.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/sksl/ir/SkSLVariableReference.h b/src/sksl/ir/SkSLVariableReference.h index ad54d43515..e1f19ac742 100644 --- a/src/sksl/ir/SkSLVariableReference.h +++ b/src/sksl/ir/SkSLVariableReference.h @@ -45,6 +45,9 @@ struct VariableReference : public Expression { } ~VariableReference() override { + if (fRefKind != kRead_RefKind) { + fVariable.fWriteCount--; + } if (fRefKind != kWrite_RefKind) { fVariable.fReadCount--; } |