[igt-dev] [PATCH i-g-t 3/3] tests/amdgpu/amdgpu_command_submission: fix uaf

Matthew Auld matthew.auld at intel.com
Tue Jun 28 13:13:18 UTC 2022


../lib/amdgpu/amd_command_submission.c: In function ‘amdgpu_command_submission_write_linear_helper’:
../lib/amdgpu/amd_command_submission.c:201:13: warning: pointer ‘ring_context’ used after ‘free’ [-Wuse-after-free]
  201 |         r = amdgpu_cs_ctx_free(ring_context->context_handle);
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/amdgpu/amd_command_submission.c:199:9: note: call to ‘free’ here
  199 |         free(ring_context);
      |         ^~~~~~~~~~~~~~~~~~

Signed-off-by: Matthew Auld <matthew.auld at intel.com>
Cc: Petri Latvala <petri.latvala at intel.com>
---
 lib/amdgpu/amd_command_submission.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/amdgpu/amd_command_submission.c b/lib/amdgpu/amd_command_submission.c
index 4dc4df95..16939653 100644
--- a/lib/amdgpu/amd_command_submission.c
+++ b/lib/amdgpu/amd_command_submission.c
@@ -196,10 +196,10 @@ void amdgpu_command_submission_write_linear_helper(amdgpu_device_handle device,
 	}
 	/* clean resources */
 	free(ring_context->pm4);
-	free(ring_context);
 	/* end of test */
 	r = amdgpu_cs_ctx_free(ring_context->context_handle);
 	igt_assert_eq(r, 0);
+	free(ring_context);
 }
 
 
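Review bot: free(ring_context->pm4) still runs under "/* clean resources */" while free(ring_context) now sits after igt_assert_eq(r, 0), so the two releases of the same object are split across the "/* end of test */" comment at the end of amdgpu_command_submission_write_linear_helper(). The new order does remove the dereference of ring_context->context_handle after the free that the compiler flagged. For readability, consider moving the pm4 free down next to free(ring_context), or moving the "/* clean resources */" comment, so that teardown reads as context first, then memory. The subject prefix also names tests/amdgpu/amdgpu_command_submission, whereas the only file changed is lib/amdgpu/amd_command_submission.c.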
-- 
2.36.1


