<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - Memory allocations from heap which fail cause crash"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=80164">80164</a>
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>idr@freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Memory allocations from heap which fail cause crash
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>intel-3d-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>critical
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux (All)
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>jon@lunarg.com
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86-64 (AMD64)
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>10.1
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Drivers/DRI/i965
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Mesa
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=101269" name="attach_101269" title="List of i965 driver source lines that show the issue">attachment 101269</a> <a href="attachment.cgi?id=101269&action=edit" title="List of i965 driver source lines that show the issue">[details]</a></span>
List of i965 driver source lines that show the issue

i965 driver has various uses  of malloc/calloc/new which can return a NULL
pointer
but the driver code fails to check for NULL pointer  or causes an assert on
NULL
pointer.  In some virtualized environments, the libGL memory  pool is limited 
so can easily cause crashes by dereference a NULL pointer.  I have a long list
(~150) of likely code lines that need to be fixed in i965 driver, see attached.
Instead of crashing a glError should be returned when out of memory.

Crashes can be forced in Linux by using ulimit.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the QA Contact for the bug.</li>
      </ul>
    </body>
</html>