Closed
Bug 1163505
Opened 10 years ago
Closed 10 years ago
PtrVector should disallow copies to prevent premature&double deletions
Categories
(Core :: WebRTC: Signaling, defect)
Tracking
()
RESOLVED
FIXED
mozilla41
| Tracking | Status | |
|---|---|---|
| firefox41 | --- | fixed |
People
(Reporter: mozbugz, Assigned: mozbugz)
Details
Attachments
(1 file, 2 obsolete files)
|
1.39 KB,
patch
|
mozbugz
:
review+
|
Details | Diff | Splinter Review |
PtrVector holds a vector of pointers, and deletes all pointers on destruction.
It also implicitly allows copies, which could result in two PtrVector's both pointing to the same objects, causing a double deletion; Or if one copy is deleted, users of the second copy will now see deleted objects.
This does happens in a debug version of JsepSessionImpl::CreateAnswerMSection(), which calls JsepSessionImpl::GetCommonCodecs() to retrieve a PtrVector containing pointers to clones of codecs. However as the 'return' from GetCommonCodecs does not use tail-return-optimization in debug mode, it creates a copy of the PtrVector and destroys one; the program crashes a bit later when trying to use a deleted codec object.
Copies should explicitly be disabled, and moves implemented to transfer ownership of the pointers as appropriate.
|
Assignee | |
Comment 1•10 years ago
|
||
Deleted copy constructor&assignment, implemented move constructor&assignment.
Attachment #8603974 -
Flags: review?(docfaraday)
|
|
Assignee | |
Comment 2•10 years ago
|
||
Apologies, previous patch had wrong wrong wrong implementation of assignment! (But it's not used, that's why the compiler didn't complain)
Deleted copy constructor&assignment, implemented move constructor&assignment.
Attachment #8603974 -
Attachment is obsolete: true
Attachment #8603974 -
Flags: review?(docfaraday)
Attachment #8603975 -
Flags: review?(docfaraday)
|
||
Comment 3•10 years ago
|
||
Comment on attachment 8603975 [details] [diff] [review]
1163505-ptrvector-prevent-copy.patch
Review of attachment 8603975 [details] [diff] [review]:
-----------------------------------------------------------------
This looks fine.
Attachment #8603975 -
Flags: review?(docfaraday) → review+
|
|
Assignee | |
Comment 4•10 years ago
|
||
Found this note in https://developer.mozilla.org/en-US/docs/Using_CXX_in_Mozilla_code:
"""rvalue references: Implicit move method generation cannot be used."""
Could this be why PtrVector was not implicitly moved when returned from JsepSessionImpl::GetCommonCodecs()?
|
||
Comment 5•10 years ago
|
||
Hey gerald - does bug 1161589 look like a dupe of this?
Flags: needinfo?(gsquelart)
|
|
Assignee | |
Comment 6•10 years ago
|
||
(In reply to Mike Conley (:mconley) - Needinfo me! from comment #5)
> Hey gerald - does bug 1161589 look like a dupe of this?
No. However, 'my' other recent bug 1163456 is a definite dupe of bug 1161589! Will link them...
Flags: needinfo?(gsquelart)
|
|
Assignee | |
Comment 7•10 years ago
|
||
Keywords: checkin-needed
|
||
Comment 8•10 years ago
|
||
Please make sure you have hg configured to include your author information in new patches as well.
Keywords: checkin-needed
|
|
||
Comment 10•10 years ago
|
||
Backed out for bustage.
https://treeherder.mozilla.org/logviewer.html#?job_id=9918426&repo=mozilla-inbound
|
||
Comment 11•10 years ago
|
||
|
|
Assignee | |
Comment 12•10 years ago
|
||
Patch with correct mozilla::Move instead of std::move.
Attachment #8603975 -
Attachment is obsolete: true
Attachment #8606779 -
Flags: review+
|
|
Assignee | |
Comment 13•10 years ago
|
||
Sorry for the snafu, forgot to upload the correct patch after successful try.
https://treeherder.mozilla.org/#/jobs?repo=try&revision=13b86813992c
Keywords: checkin-needed
|
|
||
Comment 14•10 years ago
|
||
Keywords: checkin-needed
|
|
||
Comment 15•10 years ago
|
||
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox41:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
You need to log in
before you can comment on or make changes to this bug.
Description
•