Compiz

Coverity USE_AFTER_FREE - CID 12601 - plugins/animation/src/private.h - in function: FocusFadeAnim::~FocusFadeAnim() - "RestackAnim::~RestackAnim()" frees "this->texturesCache". Calling "FadeAnim::~FadeAnim()" frees pointer "this->texturesCache" which has already been freed.

Bug #1101601 reported by Product Strategy Coverity Bug Uploader on 2013-01-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Compiz	Invalid	High	Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12601
Checker: USE_AFTER_FREE
Category: double_free
CWE definition: http://cwe.mitre.org/data/definitions/672.html
File: /tmp/buildd/compiz-0.9.9~daily13.01.14/plugins/animation/src/private.h
Function: FocusFadeAnim::~FocusFadeAnim()
Code snippet:
642 int mVisitCount; ///< how many times walker/glPaint has visited this window
643 bool mIsSecondary; ///< whether this is one of the secondary (non-topmost) in its restack chain
644 };
645
CID 12601 - USE_AFTER_FREE
"RestackAnim::~RestackAnim()" frees "this->texturesCache".
Calling "FadeAnim::~FadeAnim()" frees pointer "this->texturesCache" which has already been freed.
646 class FocusFadeAnim :
647 public RestackAnim,
648 public FadeAnim
649 {
650 public:
651 FocusFadeAnim (CompWindow *w,

Tags:

Revision history for this message

Product Strategy Coverity Bug Uploader (coverity-uploader) wrote on 2013-01-18: compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/plugins/animation/src/private.h

compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/plugins/animation/src/private.h Edit (115.2 KiB, text/html)

Source file with Coverity annotations.

Changed in compiz:
importance:	Undecided → High

MC Return (mc-return) on 2013-07-06

summary:	- Coverity USE_AFTER_FREE - CID 12601 + Coverity USE_AFTER_FREE - CID 12601 - plugins/animation/src/private.h - + in function: FocusFadeAnim::~FocusFadeAnim() - + "RestackAnim::~RestackAnim()" frees "this->texturesCache". Calling + "FadeAnim::~FadeAnim()" frees pointer "this->texturesCache" which has + already been freed.
Changed in compiz:
milestone:	none → 0.9.10.0

MC Return (mc-return) on 2013-07-24

Changed in compiz:
milestone:	0.9.10.0 → 0.9.11.0

Stephen M. Webb (bregma) on 2013-10-13

Changed in compiz:
status:	New → Triaged

Stephen M. Webb (bregma) on 2014-10-29

no longer affects:	compiz/0.9.9
no longer affects:	compiz/0.9.10
Changed in compiz:
milestone:	0.9.11.0 → 0.9.12.0

Stephen M. Webb (bregma) on 2014-11-06

Changed in compiz:
milestone:	0.9.12.0 → 0.9.12.1

Revision history for this message

Stephen M. Webb (bregma) wrote on 2014-12-02:

False positive. Coverity is not detecting the virtual inheritance of the Animation base class which contains and frees the texturesCache member.

Changed in compiz:
milestone:	0.9.12.1 → none
status:	Triaged → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/plugins/animation/src/private.h Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.