© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
f33e652
(Get the code!)
Attached patch fully fixes the issue (no more warnings, no more crashing).
1. The code stores the old layer temporarily and looks for the next one to set as the active layer.
2. It incorrectly identifies the existing layer's last child as the new layer. BAD
3. The old layer gets deleted. Destructor called, children deleted as well.
4. Dangling pointer to freed memory at child address
5. Object is attempted to be used (typeof operator for __dynamic_cast())
6. crash
The patch interferes at step 2 by detecting if the layer to be made active is the last child of the old layer. If it is, it throws it out as a possibility and prevents the warning/crash.