Do not access an invalidated reference in media::WebMListParser::OnListEnd().

This was detected by ASan's new container-overflow feature. BUG=409051 R=acolwell@chromium.org Review URL: https://codereview.chromium.org/516283004 Cr-Commit-Position: refs/heads/master@{#292674}

Do not access an invalidated reference in media::WebMListParser::OnListEnd().
This was detected by ASan's new container-overflow feature. BUG=409051 R=acolwell@chromium.org Review URL: https://codereview.chromium.org/516283004 Cr-Commit-Position: refs/heads/master@{#292674}
96ec01dc · earthdok · Commit bot · bbb87513 · 96ec01dc
Commit 96ec01dc authored Aug 29, 2014 by earthdok Committed by Commit bot Aug 29, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

media/formats/webm/webm_parser.cc media/formats/webm/webm_parser.cc +4 -3

No files found.
--- a/media/formats/webm/webm_parser.cc
+++ b/media/formats/webm/webm_parser.cc
@@ -907,13 +907,14 @@ bool WebMListParser::OnListEnd() {
  int lists_ended = 0;
  for (; !list_state_stack_.empty(); ++lists_ended) {
    const ListState& list_state = list_state_stack_.back();
+    int64 bytes_parsed = list_state.bytes_parsed_;
+    int id = list_state.id_;

-    if (list_state.bytes_parsed_ != list_state.size_)
+    if (bytes_parsed != list_state.size_)
      break;

    list_state_stack_.pop_back();

-    int64 bytes_parsed = list_state.bytes_parsed_;
    WebMParserClient* client = NULL;
    if (!list_state_stack_.empty()) {
      // Update the bytes_parsed_ for the parent element.
@@ -923,7 +924,7 @@ bool WebMListParser::OnListEnd() {
      client = root_client_;
    }

-    if (!client->OnListEnd(list_state.id_))
+    if (!client->OnListEnd(id))
      return false;
  }