Bug 94736

Summary: [CSS Shaders] [ANGLE] RenameFunction::RenameFunction may store references to temporary string
Product: WebKit Reporter: Joshua Netterfield <jnetterfield>
Component: CSSAssignee: Max Vujovic <mvujovic>
Status: RESOLVED FIXED    
Severity: Normal CC: achicu, mvujovic, rwlbuis, staikos, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 94728    
Attachments:
Description Flags
Patch none

Description Joshua Netterfield 2012-08-22 11:31:37 PDT 
http://code.google.com/p/angleproject/issues/detail?id=360

When RenameFunction::RenameFunction(const TString& oldFunctionName, const TString& newFunctionName) is called from TCompiler::rewriteCSSShader(TIntermNode*), references to the temporaries oldFunctionName and newFunctionName are stored as mOldFunctionName and mNewFunctionName. This results in undefined behaviour in visitAggregate.

Possible fix in RenameFunction.h:
 private:
-    const TString& mOldFunctionName;
+    const TString mOldFunctionName;
-    const TString& mNewFunctionName;
+    const TString mNewFunctionName;
Comment 1 Max Vujovic 2012-08-22 13:47:37 PDT 
Good catch. Thanks Joshua. We'll fix this in ANGLE first.
Comment 2 Joshua Netterfield 2012-08-23 15:30:06 PDT 
Created attachment 160263 [details]
Patch
Comment 3 Max Vujovic 2012-08-23 15:41:17 PDT 
Thanks for the patch! FYI, you don't need to worry about the style bot when you're touching ANGLE code. We have bug 90909 to teach the style bot to ignore the ANGLE directory.
Comment 4 George Staikos 2012-08-24 07:39:15 PDT 
(In reply to comment #1)
> Good catch. Thanks Joshua. We'll fix this in ANGLE first.

Are you saying you would rather the patch not land here but instead in ANGLE first?
Comment 5 Joshua Netterfield 2012-08-24 07:42:28 PDT 
The whole ANGLE directory gets replaced with the latest version from Google every once in a while. IMO, there's no point in updating all of ANGLE just for this.
Comment 6 Max Vujovic 2012-08-24 09:26:02 PDT 
(In reply to comment #4)
> (In reply to comment #1)
> > Good catch. Thanks Joshua. We'll fix this in ANGLE first.
> 
> Are you saying you would rather the patch not land here but instead in ANGLE first?

That's what I was saying, but I think it's fine to land this now, since we have a patch prepped for ANGLE already.

(In reply to comment #5)
> The whole ANGLE directory gets replaced with the latest version from Google every once in a while. IMO, there's no point in updating all of ANGLE just for this.

I totally agree.
Comment 7 WebKit Review Bot 2012-08-24 14:36:41 PDT 
Comment on attachment 160263 [details]
Patch

Clearing flags on attachment: 160263

Committed r126625: <http://trac.webkit.org/changeset/126625>
Comment 8 WebKit Review Bot 2012-08-24 14:36:45 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 9 Max Vujovic 2012-08-27 13:54:15 PDT 
Fix has been upstreamed in ANGLE r1266: 
http://code.google.com/p/angleproject/source/detail?r=1266