AlexIndustrial/mesa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

r600: Fix use after free in compute_memory_promote_item.

Browse Source 
The dst pointer needs to be initialized after any calls to
 compute_memory_grow_pool, as the function might change the pool->vbo pointer.

This fixes crashes and assertion failures in two gegl tests.

Reviewed-by: Bruno Jiménez <brunojimen@gmail.com>
Signed-off-by: Jan Vesely <jan.vesely@rutgers.edu>
This commit is contained in:
Jan Vesely
2014-06-23 10:39:00 -04:00
committed by Tom Stellard
parent a59f2bb17b
commit 0c181cdc6c
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/gallium/drivers/r600/compute_memory_pool.c
+2 -1
View File
@@ -308,8 +308,8 @@ int compute_memory_promote_item(struct compute_memory_pool *pool,
{
struct pipe_screen *screen = (struct pipe_screen *)pool->screen;
struct r600_context *rctx = (struct r600_context *)pipe;
struct pipe_resource *dst = (struct pipe_resource *)pool->bo;
struct pipe_resource *src = (struct pipe_resource *)item->real_buffer;
struct pipe_resource *dst = NULL;
struct pipe_box box;
struct list_head *pos;
@@ -336,6 +336,7 @@ int compute_memory_promote_item(struct compute_memory_pool *pool,
if (err == -1)
return -1;
}
dst = (struct pipe_resource *)pool->bo;
COMPUTE_DBG(pool->screen, " + Found space for Item %p id = %u "
"start_in_dw = %u (%u bytes) size_in_dw = %u (%u bytes)\n",
item, item->id, start_in_dw, start_in_dw * 4,