dawn/wire: Fix dangling pointer on client::Buffer::mMappedData
Bug: dawn:2345
Change-Id: Icb1572c53ab28916e4e4377ed03980e5c63ae099
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/182840
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Jiawei Shao <jiawei.shao@intel.com>
Reviewed-by: Austin Eng <enga@chromium.org>
diff --git a/src/dawn/wire/client/Buffer.cpp b/src/dawn/wire/client/Buffer.cpp
index c824a18..88a4202 100644
--- a/src/dawn/wire/client/Buffer.cpp
+++ b/src/dawn/wire/client/Buffer.cpp
@@ -450,6 +450,7 @@
// for mappedAtCreation usage. It is destroyed on unmap after flush to server
// instead of at buffer destruction.
if (mDestructWriteHandleOnUnmap) {
+ mMappedData = nullptr;
mWriteHandle = nullptr;
if (mReadHandle) {
// If it's both mappedAtCreation and MapRead we need to reset
@@ -544,9 +545,9 @@
mMappedOffset = 0;
mMappedSize = 0;
+ mMappedData = nullptr;
mReadHandle = nullptr;
mWriteHandle = nullptr;
- mMappedData = nullptr;
mMappedState = MapState::Unmapped;
}
diff --git a/src/dawn/wire/client/Buffer.h b/src/dawn/wire/client/Buffer.h
index 5d09f03..e1abeac 100644
--- a/src/dawn/wire/client/Buffer.h
+++ b/src/dawn/wire/client/Buffer.h
@@ -112,8 +112,7 @@
};
std::optional<MapRequest> mPendingMapRequest = std::nullopt;
MapState mMappedState = MapState::Unmapped;
- // TODO(https://crbug.com/dawn/2345): Investigate `DanglingUntriaged` in dawn/wire.
- raw_ptr<void, DanglingUntriaged> mMappedData = nullptr;
+ raw_ptr<void> mMappedData = nullptr;
size_t mMappedOffset = 0;
size_t mMappedSize = 0;
