[Beignet] [PATCH 03/12] runtime: error handling to avoid null pointer dereference.
xionghu.luo at intel.com
xionghu.luo at intel.com
Thu May 5 16:11:46 UTC 2016
From: Luo Xionghu <xionghu.luo at intel.com>
Signed-off-by: Luo Xionghu <xionghu.luo at intel.com>
---
src/cl_device_id.c | 2 ++
src/cl_event.c | 28 ++++++++++++++++++----------
src/cl_extensions.c | 2 +-
src/cl_mem.c | 7 +++++--
src/cl_thread.c | 14 ++++++++++++++
src/cl_utils.h | 10 ++++++++++
src/intel/intel_gpgpu.c | 4 +++-
src/performance.c | 3 +++
src/x11/dricommon.c | 6 +++++-
9 files changed, 61 insertions(+), 15 deletions(-)
diff --git a/src/cl_device_id.c b/src/cl_device_id.c
index f8e06e2..00d014b 100644
--- a/src/cl_device_id.c
+++ b/src/cl_device_id.c
@@ -661,6 +661,8 @@ cl_self_test(cl_device_id device, cl_self_test_res atomic_in_l3_flag)
return ret;
tested = 1;
ctx = clCreateContext(NULL, 1, &device, NULL, NULL, &status);
+ if(!ctx)
+ return ret;
cl_driver_set_atomic_flag(ctx->drv, atomic_in_l3_flag);
if (status == CL_SUCCESS) {
queue = clCreateCommandQueue(ctx, device, 0, &status);
diff --git a/src/cl_event.c b/src/cl_event.c
index d2aee1e..a2aacea 100644
--- a/src/cl_event.c
+++ b/src/cl_event.c
@@ -76,6 +76,11 @@ cl_event_is_gpu_command_type(cl_command_type type)
int cl_event_flush(cl_event event)
{
int err = CL_SUCCESS;
+ if(!event) {
+ err = CL_INVALID_VALUE;
+ return err;
+ }
+
assert(event->gpgpu_event != NULL);
if (event->gpgpu) {
err = cl_command_queue_flush_gpgpu(event->queue, event->gpgpu);
@@ -303,7 +308,7 @@ void cl_event_new_enqueue_callback(cl_event event,
{
enqueue_callback *cb, *node;
user_event *user_events, *u_ev;
- cl_command_queue queue = event->queue;
+ cl_command_queue queue = event ? event->queue : NULL;
cl_int i;
cl_int err = CL_SUCCESS;
@@ -362,9 +367,10 @@ void cl_event_new_enqueue_callback(cl_event event,
/* Insert the user event to enqueue_callback's wait_user_events */
TRY(cl_event_insert_user_event, &cb->wait_user_events, event_wait_list[i]);
cl_event_add_ref(event_wait_list[i]);
- cl_command_queue_insert_event(event->queue, event_wait_list[i]);
- if(data->type == EnqueueBarrier){
- cl_command_queue_insert_barrier_event(event->queue, event_wait_list[i]);
+ if(queue)
+ cl_command_queue_insert_event(queue, event_wait_list[i]);
+ if(queue && data->type == EnqueueBarrier){
+ cl_command_queue_insert_barrier_event(queue, event_wait_list[i]);
}
} else if(event_wait_list[i]->enqueue_cb != NULL) {
user_events = event_wait_list[i]->enqueue_cb->wait_user_events;
@@ -386,20 +392,22 @@ void cl_event_new_enqueue_callback(cl_event event,
/* Insert the user event to enqueue_callback's wait_user_events */
TRY(cl_event_insert_user_event, &cb->wait_user_events, user_events->event);
cl_event_add_ref(user_events->event);
- cl_command_queue_insert_event(event->queue, user_events->event);
- if(data->type == EnqueueBarrier){
+ if(queue)
+ cl_command_queue_insert_event(event->queue, user_events->event);
+ if(queue && data->type == EnqueueBarrier){
cl_command_queue_insert_barrier_event(event->queue, user_events->event);
}
user_events = user_events->next;
}
}
}
- if(data->queue != NULL && event->gpgpu_event != NULL) {
+ if(event != NULL && event->queue != NULL && event->gpgpu_event != NULL) {
event->gpgpu = cl_thread_gpgpu_take(event->queue);
data->ptr = (void *)event->gpgpu_event;
}
cb->data = *data;
- event->enqueue_cb = cb;
+ if(event)
+ event->enqueue_cb = cb;
exit:
return;
@@ -595,12 +603,12 @@ cl_int cl_event_marker_with_wait_list(cl_command_queue queue,
if(num_events_in_wait_list > 0){
if(cl_event_wait_events(num_events_in_wait_list, event_wait_list, queue) == CL_ENQUEUE_EXECUTE_DEFER) {
data.type = EnqueueMarker;
- cl_event_new_enqueue_callback(*event, &data, num_events_in_wait_list, event_wait_list);
+ cl_event_new_enqueue_callback(event?*event:NULL, &data, num_events_in_wait_list, event_wait_list);
return CL_SUCCESS;
}
} else if(queue->wait_events_num > 0) {
data.type = EnqueueMarker;
- cl_event_new_enqueue_callback(*event, &data, queue->wait_events_num, queue->wait_events);
+ cl_event_new_enqueue_callback(event?*event:NULL, &data, queue->wait_events_num, queue->wait_events);
return CL_SUCCESS;
}
diff --git a/src/cl_extensions.c b/src/cl_extensions.c
index b35ea30..349f2f1 100644
--- a/src/cl_extensions.c
+++ b/src/cl_extensions.c
@@ -134,7 +134,7 @@ cl_intel_platform_enable_extension(cl_device_id device, uint32_t ext)
}
/* already enabled, skip. */
- if (strstr(device->extensions, ext_str))
+ if (ext_str && strstr(device->extensions, ext_str))
ext_str = NULL;
if (ext_str) {
diff --git a/src/cl_mem.c b/src/cl_mem.c
index 5d28fa9..229bc0a 100644
--- a/src/cl_mem.c
+++ b/src/cl_mem.c
@@ -938,10 +938,10 @@ _cl_mem_new_image(cl_context ctx,
0, 0, 0);
/* Copy the data if required */
- if (flags & CL_MEM_COPY_HOST_PTR)
+ if (flags & CL_MEM_COPY_HOST_PTR && data)
cl_mem_copy_image(cl_mem_image(mem), pitch, slice_pitch, data);
- if (flags & CL_MEM_USE_HOST_PTR) {
+ if (flags & CL_MEM_USE_HOST_PTR && data) {
mem->host_ptr = data;
cl_mem_image(mem)->host_row_pitch = pitch;
cl_mem_image(mem)->host_slice_pitch = slice_pitch;
@@ -1417,6 +1417,9 @@ cl_mem_copy(cl_command_queue queue, cl_mem src_buf, cl_mem dst_buf,
cl_internal_copy_buf_unalign_src_offset_str,
(size_t)cl_internal_copy_buf_unalign_src_offset_str_size, NULL);
+ if (!ker)
+ return CL_OUT_OF_RESOURCES;
+
cl_kernel_set_arg(ker, 0, sizeof(cl_mem), &src_buf);
cl_kernel_set_arg(ker, 1, sizeof(int), &dw_src_offset);
cl_kernel_set_arg(ker, 2, sizeof(cl_mem), &dst_buf);
diff --git a/src/cl_thread.c b/src/cl_thread.c
index 5e5a351..9614dfd 100644
--- a/src/cl_thread.c
+++ b/src/cl_thread.c
@@ -75,6 +75,12 @@ static thread_spec_data * __create_thread_spec_data(cl_command_queue queue, int
if (i == thread_array_num) {
thread_array_num *= 2;
thread_slot_map = realloc(thread_slot_map, sizeof(int) * thread_array_num);
+
+ if(thread_slot_map == NULL) {
+ pthread_mutex_unlock(&thread_queue_map_lock);
+ return NULL;
+ }
+
memset(thread_slot_map + thread_array_num/2, 0, sizeof(int) * (thread_array_num/2));
thread_id = thread_array_num/2;
}
@@ -91,6 +97,12 @@ static thread_spec_data * __create_thread_spec_data(cl_command_queue queue, int
thread_private->threads_data_num = thread_array_num;
thread_private->threads_data = realloc(thread_private->threads_data,
thread_private->threads_data_num * sizeof(void *));
+
+ if(thread_private->threads_data == NULL) {
+ pthread_mutex_unlock(&thread_private->thread_data_lock);
+ return NULL;
+ }
+
memset(thread_private->threads_data + old_num, 0,
sizeof(void*) * (thread_private->threads_data_num - old_num));
}
@@ -164,6 +176,8 @@ void* cl_thread_data_create(void)
cl_gpgpu cl_get_thread_gpgpu(cl_command_queue queue)
{
thread_spec_data* spec = __create_thread_spec_data(queue, 1);
+ if(!spec)
+ return NULL;
if (!spec->thread_magic && spec->thread_magic != thread_magic) {
//We may get the slot from last thread. So free the resource.
diff --git a/src/cl_utils.h b/src/cl_utils.h
index 0934d5f..2926611 100644
--- a/src/cl_utils.h
+++ b/src/cl_utils.h
@@ -169,6 +169,11 @@ IMAGE = cl_mem_image(MEM); \
const size_t *REGION; \
size_t REGION ##_REC[3]; \
do { \
+ if (PREGION == NULL) \
+ { \
+ err = CL_INVALID_VALUE; \
+ goto error; \
+ } \
if (IMAGE->image_type == CL_MEM_OBJECT_IMAGE1D_ARRAY) { \
REGION ##_REC[0] = PREGION[0]; \
REGION ##_REC[1] = 1; \
@@ -188,6 +193,11 @@ do { \
const size_t *REGION; \
size_t REGION ##_REC[3]; \
do { \
+ if (PREGION == NULL) \
+ { \
+ err = CL_INVALID_VALUE; \
+ goto error; \
+ } \
if (IMAGE->image_type == CL_MEM_OBJECT_IMAGE1D_ARRAY) { \
REGION ##_REC[0] = PREGION[0]; \
REGION ##_REC[1] = 0; \
diff --git a/src/intel/intel_gpgpu.c b/src/intel/intel_gpgpu.c
index f9ff4a0..39b7e4d 100644
--- a/src/intel/intel_gpgpu.c
+++ b/src/intel/intel_gpgpu.c
@@ -180,6 +180,9 @@ void intel_gpgpu_delete_all(intel_driver_t *drv)
static void
intel_gpgpu_delete(intel_gpgpu_t *gpgpu)
{
+ if (gpgpu == NULL)
+ return;
+
intel_driver_t *drv = gpgpu->drv;
struct intel_gpgpu_node *p, *node;
@@ -205,7 +208,6 @@ intel_gpgpu_delete(intel_gpgpu_t *gpgpu)
drv->gpgpu_list = drv->gpgpu_list->next;
intel_gpgpu_delete_finished(node->gpgpu);
cl_free(node);
- node = p->next;
}
}
if (gpgpu == NULL)
diff --git a/src/performance.c b/src/performance.c
index 85cd481..28bd6c6 100644
--- a/src/performance.c
+++ b/src/performance.c
@@ -280,6 +280,9 @@ static void insert(cl_context context, const char *kernel_name, const char *buil
}
context_storage_node *p_context = find_context(context);
kernel_storage_node *p_kernel = find_kernel(p_context, kernel_name, build_opt);
+ if(!p_kernel)
+ return;
+
prev_context_pointer = p_context;
prev_kernel_pointer = p_kernel;
p_kernel->kernel_times[p_kernel->current_count++] = time;
diff --git a/src/x11/dricommon.c b/src/x11/dricommon.c
index 16f50e4..98eb713 100644
--- a/src/x11/dricommon.c
+++ b/src/x11/dricommon.c
@@ -68,6 +68,9 @@ dri_state_do_drawable_hash(dri_state_t *state, XID drawable)
}
dri_drawable = dri_state_create_drawable(state, drawable);
+ if(dri_drawable == NULL)
+ return NULL;
+
dri_drawable->x_drawable = drawable;
dri_drawable->next = state->drawable_hash[index];
state->drawable_hash[index] = dri_drawable;
@@ -283,7 +286,8 @@ getDRI2State(Display* dpy, int screen, char **driver_name)
&internal_driver_name, &device_name))
goto err_out;
- fd = open(device_name, O_RDWR);
+ if(device_name != NULL )
+ fd = open(device_name, O_RDWR);
if (fd < 0)
goto err_out;
--
2.1.4
More information about the Beignet
mailing list