[PATCH] Fix SIGSEGV in libdrm for heigth = 0 and width = 0
Damien Lespiau
damien.lespiau at intel.com
Thu Nov 20 06:12:22 PST 2014
On Fri, Nov 07, 2014 at 07:43:04PM +0100, Thomas Meyer wrote:
>
> drm_intel_gem_bo_free() crashes because the list bo_gem->vma_list is not
> yet initialised, but the error path tries to free it.
>
> See also https://bugs.freedesktop.org/show_bug.cgi?id=75844
>
> Reviewed-by: Chris Wilson <chris at chris-wilson.co.uk>
> Signed-off-by: Thomas Meyer <thomas at m3y3r.de>
Thanks for the patch and review tag. Sorry it took so long to push, it
wasn't clear who was going to do it.
--
Damien
> ---
>
> diff --git a/intel/intel_bufmgr_gem.c b/intel/intel_bufmgr_gem.c
> index f2f4fea..b3e9dba 100644
> --- a/intel/intel_bufmgr_gem.c
> +++ b/intel/intel_bufmgr_gem.c
> @@ -759,15 +759,16 @@ retry:
> bo_gem->swizzle_mode = I915_BIT_6_SWIZZLE_NONE;
> bo_gem->stride = 0;
>
> + /* drm_intel_gem_bo_free calls DRMLISTDEL() for an uninitialized
> + list (vma_list), so better set the list head here */
> + DRMINITLISTHEAD(&bo_gem->name_list);
> + DRMINITLISTHEAD(&bo_gem->vma_list);
> if (drm_intel_gem_bo_set_tiling_internal(&bo_gem->bo,
> tiling_mode,
> stride)) {
> drm_intel_gem_bo_free(&bo_gem->bo);
> return NULL;
> }
> -
> - DRMINITLISTHEAD(&bo_gem->name_list);
> - DRMINITLISTHEAD(&bo_gem->vma_list);
> }
>
> bo_gem->name = name;
>
>
>
More information about the dri-devel
mailing list