From 771cfe6f172820a1a370255cb74e066913408a6f Mon Sep 17 00:00:00 2001 From: Jason Barron Date: Tue, 24 Aug 2010 17:00:59 +0200 Subject: Fix crash in OpenVG when failing to allocate large VGImages. The reclaimSpace() function of the VG image pool was crashing when attempting to free up space for a large image. It was calling moveToHeadOfLRU() which adds the image to the pool. If the pixmap is large enough so that it pushes all the others out, then it will be the only pixmap left in the pool when this function returns. This is problematic because this pixmap is not permanent so it could be deleted. If that happens, then subsequent calls to this function will crash because the LRU pixmap has been deleted. The fix is to check if the pixmap was in the pool to begin with and if not, then be sure to remove it before returning from this function. Task-number: QT-3652 Reviewed-by: Jani Hautakangas --- src/openvg/qvgimagepool.cpp | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/openvg/qvgimagepool.cpp b/src/openvg/qvgimagepool.cpp index 78277aa..0c236ea 100644 --- a/src/openvg/qvgimagepool.cpp +++ b/src/openvg/qvgimagepool.cpp @@ -154,16 +154,23 @@ bool QVGImagePool::reclaimSpace(VGImageFormat format, Q_UNUSED(width); Q_UNUSED(height); - if (data) + bool succeeded = false; + bool wasInLRU = false; + if (data) { + wasInLRU = data->inLRU; moveToHeadOfLRU(data); + } QVGPixmapData *lrudata = pixmapLRU(); if (lrudata && lrudata != data) { lrudata->reclaimImages(); - return true; + succeeded = true; } - return false; + if (data && !wasInLRU) + removeFromLRU(data); + + return succeeded; } void QVGImagePool::hibernate() -- cgit v0.12