griefith/test
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fix: Use after free after recent image pool lock cleanup

Browse Source 
Caused by 9a5a5c35c7.
We need to release the lock before freeing it.
This commit is contained in:
Hans Goudey
2025-05-08 11:46:17 -04:00
parent 9128348e48
commit 12decaf13c
1 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
source/blender/blenkernel/intern/image.cc
View File

@@ -4986,19 +4986,20 @@ ImagePool *BKE_image_pool_new()
void BKE_image_pool_free(ImagePool *pool)
{
/* Use single lock to dereference all the image buffers. */
std::scoped_lock lock(pool->mutex);
for (ImagePoolItem *item = static_cast<ImagePoolItem *>(pool->image_buffers.first);
item != nullptr;
item = item->next)
{
if (item->ibuf != nullptr) {
std::scoped_lock lock(item->image->runtime->cache_mutex);
IMB_freeImBuf(item->ibuf);
std::scoped_lock lock(pool->mutex);
for (ImagePoolItem *item = static_cast<ImagePoolItem *>(pool->image_buffers.first);
item != nullptr;
item = item->next)
{
if (item->ibuf != nullptr) {
std::scoped_lock lock(item->image->runtime->cache_mutex);
IMB_freeImBuf(item->ibuf);
}
}
BLI_mempool_destroy(pool->memory_pool);
}
BLI_mempool_destroy(pool->memory_pool);
MEM_delete(pool);
}