matrix-stack: getting parent ptr before freeing

When unrefing a CoglMatrixEntry we walk up the ancestry unrefing and freeing entries until we find an entry that doesn't need to be freed. The problem fixed by this patch was that we didn't dereference the parent member of each entry until after the entry was freed and so there was the potential for reading a junk parent pointer back.
author: Robert Bragg <robert@linux.intel.com> 2012-11-27 22:02:56 +0000
committer: Robert Bragg <robert@linux.intel.com> 2012-12-04 19:38:24 +0000
commit: e5d836b84acb35a009854a0cc0892320023789d1 (patch)
tree: 73521bf826e3a764e9549ea595020f56a9b6da6d
parent: 8e201574b9c35847aa4e999a391741538a0b356b (diff)
download: cogl-e5d836b84acb35a009854a0cc0892320023789d1.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/cogl/cogl-matrix-stack.c b/cogl/cogl-matrix-stack.c
index e5ad10d9..4d5b9eb9 100644
--- a/cogl/cogl-matrix-stack.c
+++ b/cogl/cogl-matrix-stack.c
@@ -328,8 +328,12 @@ _cogl_matrix_entry_ref (CoglMatrixEntry *entry)
 void
 _cogl_matrix_entry_unref (CoglMatrixEntry *entry)
 {
-  for (; entry && --entry->ref_count <= 0; entry = entry->parent)
+  CoglMatrixEntry *parent;
+
+  for (; entry && --entry->ref_count <= 0; entry = parent)
     {
+      parent = entry->parent;
+
       switch (entry->op)
         {
         case COGL_MATRIX_OP_LOAD_IDENTITY:
author	Robert Bragg <robert@linux.intel.com>	2012-11-27 22:02:56 +0000
committer	Robert Bragg <robert@linux.intel.com>	2012-12-04 19:38:24 +0000
commit	e5d836b84acb35a009854a0cc0892320023789d1 (patch)
tree	73521bf826e3a764e9549ea595020f56a9b6da6d
parent	8e201574b9c35847aa4e999a391741538a0b356b (diff)
download	cogl-e5d836b84acb35a009854a0cc0892320023789d1.tar.gz