[Webkit-unassigned] [Bug 255678] [GStreamer] GstGLContext use-after-free
bugzilla-daemon at webkit.org
Wed Apr 19 16:12:47 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=255678
--- Comment #5 from Michael Catanzaro <mcatanzaro at redhat.com> ---
Since you have an asan build handy, please test this:
diff --git a/Source/WebCore/platform/graphics/PlatformDisplay.cpp b/Source/WebCore/platform/graphics/PlatformDisplay.cpp
index cdd10a7d1351..c645522892ca 100644
--- a/Source/WebCore/platform/graphics/PlatformDisplay.cpp
+++ b/Source/WebCore/platform/graphics/PlatformDisplay.cpp
@@ -168,12 +168,18 @@ PlatformDisplay& PlatformDisplay::sharedDisplay()
return *display;
#else
static std::once_flag onceFlag;
- IGNORE_CLANG_WARNINGS_BEGIN("exit-time-destructors")
- static std::unique_ptr<PlatformDisplay> display;
- IGNORE_CLANG_WARNINGS_END
+ static PlatformDisplay* display;
std::call_once(onceFlag, []{
- display = createPlatformDisplay();
+ display = createPlatformDisplay().release();
+ std::atexit([] {
+ // PlatformDisplay::sharedDisplay should always be called before the first call to
+ // PlatformDisplay::initializeEGLDisplay, so this exit handler should always run after
+ // the exit handler registered in that function.
+ delete display;
+ display = nullptr;
+ });
});
+ ASSERT(display);
return *display;
#endif
}
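Review bot: The `std::atexit` handler registered inside the `call_once` lambda deletes `display` and sets it to `nullptr`, but `onceFlag` is already consumed, so nothing ever re-creates the object. Any call to `PlatformDisplay::sharedDisplay()` made after that handler has run (from an exit handler that runs later, a static destructor, or a thread still alive during exit) will trip `ASSERT(display)` in debug builds and reach `return *display;` with a null pointer in release builds. The ordering argument in the comment is also only an assumption: nothing in this hunk enforces that `sharedDisplay()` is called before the first `PlatformDisplay::initializeEGLDisplay`, and if the order is ever reversed, this handler runs first and the other one operates on a deleted object. Consider asserting that precondition at the place where the other exit handler is registered, and stating in the comment what callers may and may not do once this handler has run.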
Does that fix the problem? If so, I'll create a merge request.