Closed
Bug 1163505
Opened 9 years ago
Closed 9 years ago
PtrVector should disallow copies to prevent premature&double deletions
Categories
(Core :: WebRTC: Signaling, defect)
Tracking
()
RESOLVED
FIXED
mozilla41
Tracking | Status | |
---|---|---|
firefox41 | --- | fixed |
People
(Reporter: mozbugz, Assigned: mozbugz)
Details
Attachments
(1 file, 2 obsolete files)
1.39 KB,
patch
|
mozbugz
:
review+
|
Details | Diff | Splinter Review |
PtrVector holds a vector of pointers, and deletes all pointers on destruction. It also implicitly allows copies, which could result in two PtrVector's both pointing to the same objects, causing a double deletion; Or if one copy is deleted, users of the second copy will now see deleted objects. This does happens in a debug version of JsepSessionImpl::CreateAnswerMSection(), which calls JsepSessionImpl::GetCommonCodecs() to retrieve a PtrVector containing pointers to clones of codecs. However as the 'return' from GetCommonCodecs does not use tail-return-optimization in debug mode, it creates a copy of the PtrVector and destroys one; the program crashes a bit later when trying to use a deleted codec object. Copies should explicitly be disabled, and moves implemented to transfer ownership of the pointers as appropriate.
Assignee | ||
Comment 1•9 years ago
|
||
Deleted copy constructor&assignment, implemented move constructor&assignment.
Attachment #8603974 -
Flags: review?(docfaraday)
Assignee | ||
Comment 2•9 years ago
|
||
Apologies, previous patch had wrong wrong wrong implementation of assignment! (But it's not used, that's why the compiler didn't complain) Deleted copy constructor&assignment, implemented move constructor&assignment.
Attachment #8603974 -
Attachment is obsolete: true
Attachment #8603974 -
Flags: review?(docfaraday)
Attachment #8603975 -
Flags: review?(docfaraday)
Comment 3•9 years ago
|
||
Comment on attachment 8603975 [details] [diff] [review] 1163505-ptrvector-prevent-copy.patch Review of attachment 8603975 [details] [diff] [review]: ----------------------------------------------------------------- This looks fine.
Attachment #8603975 -
Flags: review?(docfaraday) → review+
Assignee | ||
Comment 4•9 years ago
|
||
Found this note in https://developer.mozilla.org/en-US/docs/Using_CXX_in_Mozilla_code: """rvalue references: Implicit move method generation cannot be used.""" Could this be why PtrVector was not implicitly moved when returned from JsepSessionImpl::GetCommonCodecs()?
Comment 5•9 years ago
|
||
Hey gerald - does bug 1161589 look like a dupe of this?
Flags: needinfo?(gsquelart)
Assignee | ||
Comment 6•9 years ago
|
||
(In reply to Mike Conley (:mconley) - Needinfo me! from comment #5) > Hey gerald - does bug 1161589 look like a dupe of this? No. However, 'my' other recent bug 1163456 is a definite dupe of bug 1161589! Will link them...
Flags: needinfo?(gsquelart)
Assignee | ||
Comment 7•9 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=13b86813992c
Keywords: checkin-needed
Comment 8•9 years ago
|
||
Please make sure you have hg configured to include your author information in new patches as well.
Comment 10•9 years ago
|
||
Backed out for bustage. https://treeherder.mozilla.org/logviewer.html#?job_id=9918426&repo=mozilla-inbound
Comment 11•9 years ago
|
||
Backout: https://hg.mozilla.org/integration/mozilla-inbound/rev/8b92f853d8cc
Assignee | ||
Comment 12•9 years ago
|
||
Patch with correct mozilla::Move instead of std::move.
Attachment #8603975 -
Attachment is obsolete: true
Attachment #8606779 -
Flags: review+
Assignee | ||
Comment 13•9 years ago
|
||
Sorry for the snafu, forgot to upload the correct patch after successful try. https://treeherder.mozilla.org/#/jobs?repo=try&revision=13b86813992c
Keywords: checkin-needed
Comment 14•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/2d331d4ba0f5
Keywords: checkin-needed
Comment 15•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/2d331d4ba0f5
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox41:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
You need to log in
before you can comment on or make changes to this bug.
Description
•