Fix potential null pointer dereference.
author Nicolas Capens <capn@google.com>
Tue, 25 Apr 2017 20:41:00 +0000 (16:41 -0400)
committer Nicolas Capens <nicolascapens@google.com>
Tue, 25 Apr 2017 21:01:16 +0000 (21:01 +0000)

When the compiler does not perform return value optimization, the
LockPtr<> destructor of the temporary object is called after the move
constructor has set the Lock to null, thus causing a null pointer
dereference in the destructor. This can be replicated using the
-fno-elide-constructors build flag.

Change-Id: Ie00c3f93364fdf78ea1993469b9a606b3c87ebdc
Reviewed-on: https://chromium-review.googlesource.com/486985
Reviewed-by: Jim Stichnoth <stichnot@chromium.org>
src/IceDefs.h

index 45c20d3..3e6519a 100644 (file)
@@ -398,7 +398,10 @@ public:
     Other.Value = nullptr;
     Other.Lock = nullptr;
   }
-  ~LockedPtr() { Lock->unlock(); }
+  ~LockedPtr() {
+    if (Lock != nullptr)
+      Lock->unlock();
+  }
   T *operator->() const { return Value; }
   T &operator*() const { return *Value; }
   T *get() { return Value; }
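
Review bot: The new null check in `~LockedPtr()` carries no comment saying when `Lock` can be null. The only path visible in this hunk is the move constructor above setting `Other.Lock = nullptr`, so a one-line comment such as `// Lock is null only for a moved-from LockedPtr` would keep a later reader from treating the check as dead code and removing it. The same moved-from object also has `Value` set to null, and `operator->`, `operator*` and `get()` in the trailing context return or dereference it unchecked. Consider an assert on `Value` in those accessors so that use after move fails loudly in debug builds instead of surfacing as a null dereference at the call site.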