Commit 80b2411a1e5cc8e3e7b1b92d82f18969ac79e045
2015-08-25T16:41:57
Context: directly delete the resource instead of also detaching Otherwise when detaching vertex array 0 and N the following would happen: - call Context::deleteVertexArray(0) - call Context::detachVertexArray(0) - call State::removeVertexArrayBinding(0) set mVertexArray to nullptr, returns true - call State::bindVertexArray(0) reset mVertexArray to its previous value - call Context::deleteVertexArray(n) - call Context::detachVertexArray(n) - call State::removeVertexArrayBinding(n) Incorrectly call mVertexArray->id() which is a use after free. BUG=angleproject:1137 Change-Id: I594044fee6c90b1775a61943b15df92bf323ff2a Reviewed-on: https://chromium-review.googlesource.com/295123 Reviewed-by: Jamie Madill <jmadill@chromium.org> Reviewed-by: Geoff Lang <geofflang@chromium.org> Tested-by: Corentin Wallez <cwallez@chromium.org>