From 53f694b34a8d584ce0b6bbc1903730f43bdb3538 Mon Sep 17 00:00:00 2001
From: Brandon Jones <brandon1.jones@intel.com>
Date: Thu, 16 Apr 2020 23:59:03 +0000
Subject: [PATCH] Fix ASAN violation when a heap outlives the ResidencyManager

It's possible for a heap in the residency LRU to outlive the
ResidencyManager. When this happens, some heap in the LRU will be
referencing the LRU head node. On destruction, the outstanding heap
will attempt to access the LRU head node after the memory has been
freed. This commit removes the LinkedList head node from the list
within the LinkedList destructor to fix the bug.

Bug: dawn:387
Change-Id: I13617d1b4e464e1541f989f31caecd4305037019
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/19581
Reviewed-by: Rafael Cintron <rafael.cintron@microsoft.com>
Reviewed-by: Austin Eng <enga@chromium.org>
Commit-Queue: Brandon Jones <brandon1.jones@intel.com>
---
 src/common/LinkedList.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/common/LinkedList.h b/src/common/LinkedList.h
index 7c0a413966..69fcf78ab2 100644
--- a/src/common/LinkedList.h
+++ b/src/common/LinkedList.h
@@ -166,6 +166,13 @@ class LinkedList {
     LinkedList() : root_(&root_, &root_) {
     }
 
+    ~LinkedList() {
+        // If any LinkNodes still exist in the LinkedList, there will be outstanding references to
+        // root_ even after it has been freed. We should remove root_ from the list to prevent any
+        // future access.
+        root_.RemoveFromList();
+    }
+
     // Appends |e| to the end of the linked list.
     void Append(LinkNode<T>* e) {
         e->InsertBefore(&root_);