[igt-dev] [PATCH i-g-t] kms_dp_tiled_display: Fix the double free of drmConnector

[Chris Wilson]

drmConnectorFree is called inside the loop and after. Not unsurprisingly
this leads to a use-after-free and memcorruption.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=111710
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
Cc: Manasi Navare <manasi.d.navare at intel.com>
---
 tests/kms_dp_tiled_display.c | 28 ++++++++++------------------
 1 file changed, 10 insertions(+), 18 deletions(-)

diff --git a/tests/kms_dp_tiled_display.c b/tests/kms_dp_tiled_display.c
index c4643c358..dc4866d2f 100644
--- a/tests/kms_dp_tiled_display.c
+++ b/tests/kms_dp_tiled_display.c
@@ -100,37 +100,29 @@ cleanup:
 
 static void get_number_of_h_tiles(data_t *data)
 {
-	int i;
+	igt_tile_info_t tile = {};
 	drmModeResPtr res;
-	drmModeConnectorPtr connector;
-	igt_tile_info_t tile = {.num_h_tile = 0};
 
 	igt_assert(res = drmModeGetResources(data->drm_fd));
 
-	for (i = 0; i < res->count_connectors; i++) {
+	for (int i = 0; !data->num_h_tiles && i < res->count_connectors; i++) {
+		drmModeConnectorPtr connector;
+
 		connector = drmModeGetConnectorCurrent(data->drm_fd,
 						       res->connectors[i]);
-
 		igt_assert(connector);
 
-		if (connector->connection != DRM_MODE_CONNECTED ||
-		    connector->connector_type != DRM_MODE_CONNECTOR_DisplayPort) {
-			drmModeFreeConnector(connector);
-			continue;
-		}
-
-		get_connector_tile_props(data, connector, &tile);
+		if (connector->connection == DRM_MODE_CONNECTED &&
+		    connector->connector_type == DRM_MODE_CONNECTOR_DisplayPort) {
+			get_connector_tile_props(data, connector, &tile);
 
-		if (tile.num_h_tile == 0) {
-			drmModeFreeConnector(connector);
-			continue;
+			data->num_h_tiles = tile.num_h_tile;
 		}
-		data->num_h_tiles = tile.num_h_tile;
-		break;
+
+		drmModeFreeConnector(connector);
 	}
 
 	drmModeFreeResources(res);
-	drmModeFreeConnector(connector);
 }
 
 static void get_connectors(data_t *data)
-- 
2.23.0