    Add overload base::ScopedTypeRef::reset(const ScopedTypeRef&) · a715453a
    Robert Sesek authored
    Without this, reset()ing a ScopedTypeRef with a temporary ScopedTypeRef
    results in the receiver storing a dead pointer. This is because the
    reset(element_type) method causes implicit conversion of argument
    ScopedTypeRef via |operator element_type()|, with the receiver assuming
    ownership rather than retaining.
    
    As an example, prior to this change, the following snippet would leave
    |member_| holding a dead pointer:
    
      member_.reset(base::ScopedCFTypeRef<CFStringRef>(
          CFStringCreateCopy(NULL, CFSTR("Use-after-free"))));
    
    Bug: 1100258
    Change-Id: I528b6b32d0bd4ac1f91978dde39e818bef41cdd5
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2277000
    Commit-Queue: Robert Sesek <rsesek@chromium.org>
    Reviewed-by: Mark Mentovai <mark@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#784432}
scoped_nsobject_unittest.mm 3.21 KB
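
The ownership accounting described in the commit message, as an added C++ model that is not Chromium's code: `Obj`, `Retain`, `Release`, `ScopedRef` and `MemberHoldsDeadObject` are hypothetical stand-ins. The toy `Release` marks the object dead instead of freeing it, so the outcome can be read back safely.

```cpp
// Added illustration: a toy refcounted object and scoper, not Chromium's code.
#include <cstdio>
#include <type_traits>

struct Obj { int refs = 1; bool dead = false; };  // created with one reference
void Retain(Obj* o) { if (o) ++o->refs; }
// Marks the object dead instead of freeing it, so the result can be inspected.
void Release(Obj* o) { if (o && --o->refs == 0) o->dead = true; }

// kHasOverload == false models the scoper before the change, true after it.
template <bool kHasOverload>
class ScopedRef {
 public:
  explicit ScopedRef(Obj* o = nullptr) : obj_(o) {}  // assumes ownership
  ScopedRef(const ScopedRef& that) : obj_(that.obj_) { Retain(obj_); }
  ScopedRef& operator=(const ScopedRef&) = delete;
  ~ScopedRef() { Release(obj_); }
  operator Obj*() const { return obj_; }  // the implicit conversion at fault
  Obj* get() const { return obj_; }

  void reset(Obj* o = nullptr) {  // assumes ownership of |o|, no retain
    Release(obj_);
    obj_ = o;
  }
  // The overload: |that| keeps its own reference, so take a new one.
  template <bool B = kHasOverload,
            typename = typename std::enable_if<B>::type>
  void reset(const ScopedRef& that) {
    Retain(that.obj_);
    reset(that.obj_);
  }

 private:
  Obj* obj_;
};

// Repeats the commit message's snippet; true if the stored object is dead.
template <bool kHasOverload>
bool MemberHoldsDeadObject() {
  Obj object;  // stands in for the freshly created CFStringRef, refs == 1
  ScopedRef<kHasOverload> member;
  member.reset(ScopedRef<kHasOverload>(&object));  // temporary dies at ';'
  return member.get()->dead;
}

int main() {
  std::printf("without overload: dead=%d\n", MemberHoldsDeadObject<false>());
  std::printf("with overload:    dead=%d\n", MemberHoldsDeadObject<true>());
}
```

Without the overload the temporary converts to a raw pointer, the member adopts it without retaining, and the temporary's destructor drops the only reference; with the overload the reference-binding match wins overload resolution and the member takes its own reference.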