From 7e0d185120ea116c91a8db60276971d3fecece80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 17 May 2019 14:35:46 -0500 Subject: [PATCH] cogl/pipeline: Don't try to access to free'd pointer data When free'ing a pipeline we destroy the BigState first and then the fragment and vertex snippets lists using the big state pointer which is now invalid. This causes a crash when G_SLICE=always-malloc is set and using MALLOC_CHECK_. So, invert the operations by free'ing the snippet lists first, and the big state afterwards. https://gitlab.gnome.org/GNOME/mutter/merge_requests/581 --- cogl/cogl/cogl-pipeline.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cogl/cogl/cogl-pipeline.c b/cogl/cogl/cogl-pipeline.c index 61487e11b..20e0530d9 100644 --- a/cogl/cogl/cogl-pipeline.c +++ b/cogl/cogl/cogl-pipeline.c @@ -452,9 +452,6 @@ _cogl_pipeline_free (CoglPipeline *pipeline) _cogl_bitmask_destroy (&uniforms_state->changed_mask); } - if (pipeline->differences & COGL_PIPELINE_STATE_NEEDS_BIG_STATE) - g_slice_free (CoglPipelineBigState, pipeline->big_state); - if (pipeline->differences & COGL_PIPELINE_STATE_LAYERS) g_list_free_full (pipeline->layer_differences, cogl_object_unref); @@ -464,6 +461,9 @@ _cogl_pipeline_free (CoglPipeline *pipeline) if (pipeline->differences & COGL_PIPELINE_STATE_FRAGMENT_SNIPPETS) _cogl_pipeline_snippet_list_free (&pipeline->big_state->fragment_snippets); + if (pipeline->differences & COGL_PIPELINE_STATE_NEEDS_BIG_STATE) + g_slice_free (CoglPipelineBigState, pipeline->big_state); + g_list_free (pipeline->deprecated_get_layers_list); recursively_free_layer_caches (pipeline);