From 68024fc0cc6d05c5a7b59e49bda64fc157757506 Mon Sep 17 00:00:00 2001
From: Axel Davy <davyaxel0@gmail.com>
Date: Sun, 28 Mar 2021 18:30:40 +0200
Subject: [PATCH] st/nine: Fix reading invalid pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Apparently it is incorrect to use the pointer in
LIST_FOR_EACH_ENTRY like I used to.
Found with asan.

Signed-off-by: Axel Davy <davyaxel0@gmail.com>
Acked-by: Timur Kristóf <timur.kristof@gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/10160>
---
 src/gallium/frontends/nine/nine_memory_helper.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/gallium/frontends/nine/nine_memory_helper.c b/src/gallium/frontends/nine/nine_memory_helper.c
index ac9cde8a78a..6cf1fdaa899 100644
--- a/src/gallium/frontends/nine/nine_memory_helper.c
+++ b/src/gallium/frontends/nine/nine_memory_helper.c
@@ -367,12 +367,13 @@ static void move_region_ordered(struct list_head *tail, struct nine_memfd_file_r
 
 static void move_region_ordered_merge(struct nine_allocator *allocator, struct list_head *tail, struct nine_memfd_file_region *region)
 {
-    struct nine_memfd_file_region *cur_region = NULL, *prev_region = NULL;
+    struct nine_memfd_file_region *p, *cur_region = NULL, *prev_region = NULL;
 
     /* Remove from previous list (if any) */
     list_delinit(&region->list);
 
-    LIST_FOR_EACH_ENTRY(cur_region, tail, list) {
+    LIST_FOR_EACH_ENTRY(p, tail, list) {
+        cur_region = p;
         if (cur_region->offset > region->offset)
             break;
         prev_region = cur_region;