matrix-stack: getting parent ptr before freeing

When unrefing a CoglMatrixEntry we walk up the ancestry unrefing and
freeing entries until we find an entry that doesn't need to be freed.
The problem fixed by this patch was that we didn't dereference the
parent member of each entry until after the entry was freed and so there
was the potential for reading a junk parent pointer back.

(cherry picked from commit e5d836b84acb35a009854a0cc0892320023789d1)
This commit is contained in:
Robert Bragg 2012-11-27 22:02:56 +00:00
parent 5bc6121cbf
commit 9eb816bc7e

View File

@ -328,8 +328,12 @@ _cogl_matrix_entry_ref (CoglMatrixEntry *entry)
void void
_cogl_matrix_entry_unref (CoglMatrixEntry *entry) _cogl_matrix_entry_unref (CoglMatrixEntry *entry)
{ {
for (; entry && --entry->ref_count <= 0; entry = entry->parent) CoglMatrixEntry *parent;
for (; entry && --entry->ref_count <= 0; entry = parent)
{ {
parent = entry->parent;
switch (entry->op) switch (entry->op)
{ {
case COGL_MATRIX_OP_LOAD_IDENTITY: case COGL_MATRIX_OP_LOAD_IDENTITY: