Fix memory corruption issue when unregistering surfaces

- Iterator was being incremented twice, one when erase() is called (implicit [1]) and another one just after to call erase (explicitly), when unregistering a pid/surface_id. Bug-AGL: SPEC-2078 [1] https://www.techiedelight.com/remove-elements-vector-inside-loop-cpp Change-Id: Ia3cc3981480cf76b839043be49d257d5be011d60 Signed-off-by: Nick Diego Yamane <nickdiego@igalia.com>
author: Nick Diego Yamane <nickdiego@igalia.com> 2018-12-19 03:00:30 -0400
committer: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> 2019-01-15 11:18:39 +0000
commit: 41060cd08cbc3b42ed59b9e117e8769f43295316 (patch)
tree: b0709bab5157d6591fb02bac17cbc0da348020b5
parent: bf18cd6b272f7975e77a577e0b0d246bb2c62964 (diff)
1 files changed, 5 insertions, 8 deletions
diff --git a/src/runxdg.cpp b/src/runxdg.cpp
index 3ff942c..f47c6aa 100644
--- a/src/runxdg.cpp
+++ b/src/runxdg.cpp
@@ -28,6 +28,7 @@
 #include <sys/time.h>
 #include <sys/wait.h>
 
+#include <algorithm>
 #include <cstdio>
 
 #include "cpptoml/cpptoml.h"
@@ -513,14 +514,10 @@ void POSIXLauncher::register_surfpid (pid_t surf_pid)
 
 void POSIXLauncher::unregister_surfpid (pid_t surf_pid)
 {
-  auto itr = m_pid_v.begin();
-  while (itr != m_pid_v.end()) {
-    if (*itr == surf_pid) {
-      m_pid_v.erase(itr++);
-    } else {
-      ++itr;
-    }
-  }
+  auto beg = m_pid_v.begin();
+  auto end = m_pid_v.end();
+  m_pid_v.erase(std::remove(beg, end, surf_pid), end);
+  AGL_DEBUG("Unregistered surface (id=%d sz=%u)", surf_pid, m_pid_v.size());
 }
 
 pid_t POSIXLauncher::find_surfpid_by_rid (pid_t rid)
author	Nick Diego Yamane <nickdiego@igalia.com>	2018-12-19 03:00:30 -0400
committer	Jan-Simon Moeller <jsmoeller@linuxfoundation.org>	2019-01-15 11:18:39 +0000
commit	41060cd08cbc3b42ed59b9e117e8769f43295316 (patch)
tree	b0709bab5157d6591fb02bac17cbc0da348020b5
parent	bf18cd6b272f7975e77a577e0b0d246bb2c62964 (diff)