From c2a1817c704a2e7109c823c8b847731e12f647e9 Mon Sep 17 00:00:00 2001
From: David Smith
Date: Sun, 24 Jul 2022 22:46:03 +0200
Subject: [PATCH] Profiler: Fix use after free in FlameGraphView

Layout cleared the list of bars in the flame graph, but didn't clear the reference m_hovered_bar. This could cause a crash in mousedown_event() when clicking twice: the first click caused layout, the second used the old reference.
---
 Userland/DevTools/Profiler/FlameGraphView.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Userland/DevTools/Profiler/FlameGraphView.cpp b/Userland/DevTools/Profiler/FlameGraphView.cpp
index 351b9c9b15..df2e84b936 100644
--- a/Userland/DevTools/Profiler/FlameGraphView.cpp
+++ b/Userland/DevTools/Profiler/FlameGraphView.cpp
@@ -165,6 +165,7 @@ String FlameGraphView::bar_label(StackBar const& bar) const
 void FlameGraphView::layout_bars()
 {
 m_bars.clear();
+ m_hovered_bar = nullptr;
 // Explicit copy here so the layout can mutate
 Vector selected = m_selected_indexes;