authorJamie Madill <jmadill@chromium.org>2022-04-19 17:01:20 -0400
committerMichael BrĂ¼ning <michael.bruning@qt.io>2022-05-24 13:43:01 +0000
commitf15c12d1b761129a370ae67ff4769fb3443166b8 (patch)
tree2c5c74a04b7b6bb942487f3d63d2e401b6e10c2d
parent1eef7ecd2c2c644f8abaa83ce77e663415c6ec43 (diff)
[Backport] CVE-2022-1639: Use after free in ANGLE
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/angle/angle/+/3594250: Fix validate state cache after XFB buffer deleted. Bug: chromium:1317650 Change-Id: Iec9f1167c3b2957091dd0f4ef3efcfcd7c4bf3c0 Reviewed-by: Shahbaz Youssefi <syoussefi@chromium.org> Auto-Submit: Jamie Madill <jmadill@chromium.org> Commit-Queue: Jamie Madill <jmadill@chromium.org> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r--chromium/third_party/angle/src/libANGLE/State.cpp5
1 files changed, 1 insertions, 4 deletions
diff --git a/chromium/third_party/angle/src/libANGLE/State.cpp b/chromium/third_party/angle/src/libANGLE/State.cpp
index 683cb0635cd..af92252fc08 100644
--- a/chromium/third_party/angle/src/libANGLE/State.cpp
+++ b/chromium/third_party/angle/src/libANGLE/State.cpp
@@ -2111,10 +2111,7 @@ angle::Result State::detachBuffer(Context *context, const Buffer *buffer)
if (curTransformFeedback)
{
ANGLE_TRY(curTransformFeedback->detachBuffer(context, bufferID));
- if (isTransformFeedbackActiveUnpaused())
- {
- context->getStateCache().onActiveTransformFeedbackChange(context);
- }
+ context->getStateCache().onActiveTransformFeedbackChange(context);
}
if (getVertexArray()->detachBuffer(context, bufferID))
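Review bot: The now-unconditional `context->getStateCache().onActiveTransformFeedbackChange(context);` after `curTransformFeedback->detachBuffer(context, bufferID)` carries no comment explaining why the old `isTransformFeedbackActiveUnpaused()` guard must not return, so a later cleanup could reinstate it as an apparent optimization. Going by the commit title and description, the guard presumably left the validation cache stale when a buffer was detached while transform feedback was paused or inactive. A line above the call such as `// Always refresh the cache: cached XFB validation state can still refer to the detached buffer when feedback is paused (CVE-2022-1639).` would record that. The diffstat shows only State.cpp changing, so this backport adds no regression test; one covering buffer deletion while transform feedback is not in the active-unpaused state would guard the fix if the ANGLE tests are built in this tree. The body of `State::detachBuffer` starts and ends outside the hunk.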