Fix ASAN violation when a heap outlives the ResidencyManager

It's possible for a heap in the residency LRU to outlive the ResidencyManager. When this happens, some heap in the LRU will be referencing the LRU head node. On destruction, the outstanding heap will attempt to access the LRU head node after the memory has been freed. This commit removes the LinkedList head node from the list within the LinkedList destructor to fix the bug. Bug: dawn:387 Change-Id: I13617d1b4e464e1541f989f31caecd4305037019 Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/19581 Reviewed-by: Rafael Cintron <rafael.cintron@microsoft.com> Reviewed-by: Austin Eng <enga@chromium.org> Commit-Queue: Brandon Jones <brandon1.jones@intel.com>
2025-07-08 14:15:58 +00:00 · 2020-04-16 23:59:03 +00:00 · 2020-04-16 23:59:03 +00:00 · 53f694b34a
commit 53f694b34a
parent 82ae680ccc
1 changed files with 7 additions and 0 deletions
--- a/src/common/LinkedList.h
+++ b/src/common/LinkedList.h
@ -166,6 +166,13 @@ class LinkedList {
    LinkedList() : root_(&root_, &root_) {
    }

+    ~LinkedList() {
+        // If any LinkNodes still exist in the LinkedList, there will be outstanding references to
+        // root_ even after it has been freed. We should remove root_ from the list to prevent any
+        // future access.
+        root_.RemoveFromList();
+    }
+
    // Appends |e| to the end of the linked list.
    void Append(LinkNode<T>* e) {
        e->InsertBefore(&root_);