[Bug 80164] New: Memory allocations from heap which fail cause crash

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Jun 17 13:22:55 PDT 2014 

https://bugs.freedesktop.org/show_bug.cgi?id=80164

          Priority: medium
            Bug ID: 80164
          Assignee: idr at freedesktop.org
           Summary: Memory allocations from heap which fail cause crash
        QA Contact: intel-3d-bugs at lists.freedesktop.org
          Severity: critical
    Classification: Unclassified
                OS: Linux (All)
          Reporter: jon at lunarg.com
          Hardware: x86-64 (AMD64)
            Status: NEW
           Version: 10.1
         Component: Drivers/DRI/i965
           Product: Mesa

Created attachment 101269
  --> https://bugs.freedesktop.org/attachment.cgi?id=101269&action=edit
List of i965 driver source lines that show the issue

i965 driver has various uses  of malloc/calloc/new which can return a NULL
pointer
but the driver code fails to check for NULL pointer  or causes an assert on
NULL
pointer.  In some virtualized environments, the libGL memory  pool is limited 
so can easily cause crashes by dereference a NULL pointer.  I have a long list
(~150) of likely code lines that need to be fixed in i965 driver, see attached.
Instead of crashing a glError should be returned when out of memory.

Crashes can be forced in Linux by using ulimit.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/intel-3d-bugs/attachments/20140617/54fa4bcb/attachment.html>

More information about the intel-3d-bugs mailing list