Fix potential null pointer dereference.

When the compiler does not perform return value optimization, the
LockPtr<> destructor of the temporary object is called after the move
constructor has set the Lock to null, thus causing a null pointer
dereference in the destructor. This can be replicated using the
-fno-elide-constructors build flag.

Change-Id: Ie00c3f93364fdf78ea1993469b9a606b3c87ebdc
Reviewed-on: https://chromium-review.googlesource.com/486985
Reviewed-by: Jim Stichnoth <stichnot@chromium.org>
diff --git a/src/IceDefs.h b/src/IceDefs.h
index 45c20d3..3e6519a 100644
--- a/src/IceDefs.h
+++ b/src/IceDefs.h
@@ -398,7 +398,10 @@
Other.Value = nullptr;
Other.Lock = nullptr;
}
- ~LockedPtr() { Lock->unlock(); }
+ ~LockedPtr() {
+ if (Lock != nullptr)
+ Lock->unlock();
+ }
T *operator->() const { return Value; }
T &operator*() const { return *Value; }
T *get() { return Value; }
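Review bot: the new `if (Lock != nullptr)` guard in ~LockedPtr() carries no comment saying that a null Lock is the moved-from state left by the move constructor just above (`Other.Lock = nullptr;`), so a later cleanup could remove it as redundant; a one-line comment stating that would protect it. The accessors in the trailing context still assume a live object: the same move constructor sets `Other.Value = nullptr;`, so `operator*` on a moved-from LockedPtr dereferences null, and an assert on Value there, or a note that a moved-from object may only be destroyed, would make the contract explicit. Since the commit message says the crash reproduces with -fno-elide-constructors, a build or test configuration using that flag would keep this from regressing.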