From 1970953c90a081aa6c02421b2ade71ea6e79fa7f Mon Sep 17 00:00:00 2001
From: Campbell Barton
Date: Jul 13 2016 09:55:14 +0000
Subject: Fix use-after free on render (#612)
---
diff --git a/toonz/sources/common/tfx/trenderer.cpp b/toonz/sources/common/tfx/trenderer.cpp
index 11737bc..afe6f30 100644
--- a/toonz/sources/common/tfx/trenderer.cpp
+++ b/toonz/sources/common/tfx/trenderer.cpp
@@ -1107,6 +1107,7 @@ void RenderTask::onFinished(TThread::RunnableP) {
 // Update the render instance status
 bool instanceExpires = false;
+ bool isCanceled = false;
 {
 QMutexLocker sl(&rendererImp->m_renderInstancesMutex);
 std::map::iterator it =
@@ -1115,14 +1116,15 @@ void RenderTask::onFinished(TThread::RunnableP) {
 if (it != rendererImp->m_activeInstances.end() && (--it->second.m_activeTasks) <= 0) {
 instanceExpires = true;
+ isCanceled = (m_info.m_isCanceled && *m_info.m_isCanceled);
 rendererImp->m_activeInstances.erase(m_renderId);
+ // m_info is freed, don't access further!
 }
 }
 // If the render instance has just expired
 if (instanceExpires) {
 /*-- キャンセルされた場合はm_overallRenderedRegionの更新をしない --*/
- bool isCanceled = (m_info.m_isCanceled && *m_info.m_isCanceled);
 // Inform the render ports
 rendererImp->notifyRenderFinished(isCanceled);
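Review bot: After `rendererImp->m_activeInstances.erase(m_renderId);` in the second hunk, `m_info.m_isCanceled` still holds the old address, and only the new comment keeps later code from dereferencing it. If the flag lives in the erased instance entry, as the comment and the commit title suggest, clearing the pointer inside the same locked block would make any later access hit the existing null check instead of freed memory: `m_info.m_isCanceled = nullptr;` (this assumes a raw pointer; its declaration is not visible here). The comment would also be more precise as `// *m_info.m_isCanceled died with the instance entry; use the local isCanceled from here on`, since m_info itself is a member of the task and is not freed. onFinished continues past the end of the hunk, so the remaining uses of m_info further down should be checked too.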