[Libva] [PATCH: Intel-VA Driver] Fix klockwork critical message hit on calloc function usage
Lim Siew Hoon
siew.hoon.lim at intel.com
Thu Aug 20 03:29:09 PDT 2015
The calloc function maybe return NULL, it will causing
memory access violation if continue using NULL C structure.
Add assert function to do checking on its.
bugzilla:
https://bugs.freedesktop.org/show_bug.cgi?id=91699
Signed-off-by: Lim Siew Hoon <siew.hoon.lim at intel.com>
---
src/gen6_mfc_common.c | 2 ++
src/gen6_mfd.c | 1 +
src/gen75_mfd.c | 3 +++
src/gen75_picture_process.c | 1 +
src/gen75_vme.c | 2 ++
src/gen75_vpp_gpe.c | 1 +
src/gen75_vpp_vebox.c | 1 +
src/gen7_mfd.c | 3 +++
src/gen7_vme.c | 1 +
src/gen8_mfc.c | 2 +-
src/gen8_vme.c | 1 +
src/gen9_mfc.c | 1 +
src/gen9_mfc_hevc.c | 2 ++
src/gen9_mfd.c | 1 +
src/gen9_vme.c | 2 ++
src/i965_avc_bsd.c | 1 +
src/i965_encoder.c | 1 +
src/i965_media.c | 2 ++
src/i965_media_h264.c | 1 +
src/i965_media_mpeg2.c | 1 +
src/i965_post_processing.c | 1 +
src/intel_batchbuffer.c | 1 +
22 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/src/gen6_mfc_common.c b/src/gen6_mfc_common.c
index 53e31de..663d197 100644
--- a/src/gen6_mfc_common.c
+++ b/src/gen6_mfc_common.c
@@ -650,6 +650,7 @@ VAStatus intel_mfc_avc_prepare(VADriverContextP ctx,
if ( obj_surface->private_data == NULL) {
gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1);
+ assert(gen6_avc_surface);
gen6_avc_surface->dmv_top =
dri_bo_alloc(i965->intel.bufmgr,
"Buffer",
@@ -696,6 +697,7 @@ VAStatus intel_mfc_avc_prepare(VADriverContextP ctx,
if ( obj_surface->private_data == NULL) {
gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1);
+ assert(gen6_avc_surface);
gen6_avc_surface->dmv_top =
dri_bo_alloc(i965->intel.bufmgr,
"Buffer",
diff --git a/src/gen6_mfd.c b/src/gen6_mfd.c
index 2dd05a1..5ab2db0 100755
--- a/src/gen6_mfd.c
+++ b/src/gen6_mfd.c
@@ -61,6 +61,7 @@ gen6_mfd_init_avc_surface(VADriverContextP ctx,
if (!gen6_avc_surface) {
gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1);
+ assert(gen6_avc_surface);
gen6_avc_surface->base.frame_store_id = -1;
assert((obj_surface->size & 0x3f) == 0);
obj_surface->private_data = gen6_avc_surface;
diff --git a/src/gen75_mfd.c b/src/gen75_mfd.c
index 11cde1f..0acded3 100644
--- a/src/gen75_mfd.c
+++ b/src/gen75_mfd.c
@@ -67,6 +67,7 @@ gen75_mfd_init_avc_surface(VADriverContextP ctx,
if (!gen7_avc_surface) {
gen7_avc_surface = calloc(sizeof(GenAvcSurface), 1);
+ assert(gen7_avc_surface);
gen7_avc_surface->base.frame_store_id = -1;
assert((obj_surface->size & 0x3f) == 0);
obj_surface->private_data = gen7_avc_surface;
@@ -1511,6 +1512,7 @@ gen75_mfd_init_vc1_surface(VADriverContextP ctx,
if (!gen7_vc1_surface) {
gen7_vc1_surface = calloc(sizeof(struct gen7_vc1_surface), 1);
+ assert(gen7_vc1_surface);
assert((obj_surface->size & 0x3f) == 0);
obj_surface->private_data = gen7_vc1_surface;
}
@@ -3250,6 +3252,7 @@ gen75_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_config
struct gen7_mfd_context *gen7_mfd_context = calloc(1, sizeof(struct gen7_mfd_context));
int i;
+ assert(gen7_mfd_context);
gen7_mfd_context->base.destroy = gen75_mfd_context_destroy;
gen7_mfd_context->base.run = gen75_mfd_decode_picture;
gen7_mfd_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0);
diff --git a/src/gen75_picture_process.c b/src/gen75_picture_process.c
index cf20ed9..ed50532 100644
--- a/src/gen75_picture_process.c
+++ b/src/gen75_picture_process.c
@@ -266,6 +266,7 @@ gen75_proc_context_init(VADriverContextP ctx,
struct intel_video_process_context *proc_context
= calloc(1, sizeof(struct intel_video_process_context));
+ assert(proc_context);
proc_context->base.destroy = gen75_proc_context_destroy;
proc_context->base.run = gen75_proc_picture;
diff --git a/src/gen75_vme.c b/src/gen75_vme.c
index 576e91a..0b8855d 100644
--- a/src/gen75_vme.c
+++ b/src/gen75_vme.c
@@ -1037,6 +1037,8 @@ Bool gen75_vme_context_init(VADriverContextP ctx, struct intel_encoder_context *
break;
}
+
+ assert(vme_context);
vme_context->vme_kernel_sum = i965_kernel_num;
vme_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
diff --git a/src/gen75_vpp_gpe.c b/src/gen75_vpp_gpe.c
index 52a0e2f..118a544 100644
--- a/src/gen75_vpp_gpe.c
+++ b/src/gen75_vpp_gpe.c
@@ -871,6 +871,7 @@ vpp_gpe_context_init(VADriverContextP ctx)
{
struct i965_driver_data *i965 = i965_driver_data(ctx);
struct vpp_gpe_context *vpp_gpe_ctx = calloc(1, sizeof(struct vpp_gpe_context));
+ assert(vpp_gpe_ctx);
struct i965_gpe_context *gpe_ctx = &(vpp_gpe_ctx->gpe_ctx);
assert(IS_HASWELL(i965->intel.device_info) ||
diff --git a/src/gen75_vpp_vebox.c b/src/gen75_vpp_vebox.c
index 7a066f9..06c27f8 100644
--- a/src/gen75_vpp_vebox.c
+++ b/src/gen75_vpp_vebox.c
@@ -1763,6 +1763,7 @@ struct intel_vebox_context * gen75_vebox_context_init(VADriverContextP ctx)
struct intel_vebox_context *proc_context = calloc(1, sizeof(struct intel_vebox_context));
int i;
+ assert(proc_context);
proc_context->batch = intel_batchbuffer_new(intel, I915_EXEC_VEBOX, 0);
for (i = 0; i < ARRAY_ELEMS(proc_context->frame_store); i++)
diff --git a/src/gen7_mfd.c b/src/gen7_mfd.c
index 1d04ed4..4e668ce 100755
--- a/src/gen7_mfd.c
+++ b/src/gen7_mfd.c
@@ -65,6 +65,7 @@ gen7_mfd_init_avc_surface(VADriverContextP ctx,
if (!gen7_avc_surface) {
gen7_avc_surface = calloc(sizeof(GenAvcSurface), 1);
+ assert(gen7_avc_surface);
gen7_avc_surface->base.frame_store_id = -1;
assert((obj_surface->size & 0x3f) == 0);
obj_surface->private_data = gen7_avc_surface;
@@ -1246,6 +1247,7 @@ gen7_mfd_init_vc1_surface(VADriverContextP ctx,
if (!gen7_vc1_surface) {
gen7_vc1_surface = calloc(sizeof(struct gen7_vc1_surface), 1);
+ assert(gen7_vc1_surface);
assert((obj_surface->size & 0x3f) == 0);
obj_surface->private_data = gen7_vc1_surface;
}
@@ -2729,6 +2731,7 @@ gen7_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_config)
struct gen7_mfd_context *gen7_mfd_context = calloc(1, sizeof(struct gen7_mfd_context));
int i;
+ assert(gen7_mfd_context);
gen7_mfd_context->base.destroy = gen7_mfd_context_destroy;
gen7_mfd_context->base.run = gen7_mfd_decode_picture;
gen7_mfd_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0);
diff --git a/src/gen7_vme.c b/src/gen7_vme.c
index dc15445..7b116ad 100644
--- a/src/gen7_vme.c
+++ b/src/gen7_vme.c
@@ -1031,6 +1031,7 @@ Bool gen7_vme_context_init(VADriverContextP ctx, struct intel_encoder_context *e
struct gen6_vme_context *vme_context = calloc(1, sizeof(struct gen6_vme_context));
struct i965_kernel *vme_kernel_list = NULL;
+ assert(vme_context);
vme_context->gpe_context.surface_state_binding_table.length =
(SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
diff --git a/src/gen8_mfc.c b/src/gen8_mfc.c
index daa860c..9908257 100644
--- a/src/gen8_mfc.c
+++ b/src/gen8_mfc.c
@@ -4571,7 +4571,7 @@ static VAStatus gen8_mfc_pipeline(VADriverContextP ctx,
Bool gen8_mfc_context_init(VADriverContextP ctx, struct intel_encoder_context *encoder_context)
{
struct gen6_mfc_context *mfc_context = calloc(1, sizeof(struct gen6_mfc_context));
-
+ assert(mfc_context);
mfc_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
mfc_context->gpe_context.idrt.max_entries = MAX_GPE_KERNELS;
diff --git a/src/gen8_vme.c b/src/gen8_vme.c
index ace3288..5dd502c 100644
--- a/src/gen8_vme.c
+++ b/src/gen8_vme.c
@@ -1338,6 +1338,7 @@ Bool gen8_vme_context_init(VADriverContextP ctx, struct intel_encoder_context *e
//If the codec is JPEG, bypass VME
if(encoder_context->codec != CODEC_JPEG) {
vme_context = calloc(1, sizeof(struct gen6_vme_context));
+ assert(vme_context);
vme_context->vme_kernel_sum = i965_kernel_num;
vme_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
diff --git a/src/gen9_mfc.c b/src/gen9_mfc.c
index b328f75..63a9c21 100644
--- a/src/gen9_mfc.c
+++ b/src/gen9_mfc.c
@@ -1717,6 +1717,7 @@ Bool gen9_mfc_context_init(VADriverContextP ctx, struct intel_encoder_context *e
return gen8_mfc_context_init(ctx, encoder_context);
mfc_context = calloc(1, sizeof(struct gen6_mfc_context));
+ assert(mfc_context);
mfc_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
mfc_context->gpe_context.idrt.max_entries = MAX_GPE_KERNELS;
diff --git a/src/gen9_mfc_hevc.c b/src/gen9_mfc_hevc.c
index e52e408..bf601ec 100644
--- a/src/gen9_mfc_hevc.c
+++ b/src/gen9_mfc_hevc.c
@@ -1984,6 +1984,7 @@ VAStatus intel_hcpe_hevc_prepare(VADriverContextP ctx,
hevc_encoder_surface = calloc(sizeof(GenHevcSurface), 1);
+ assert(hevc_encoder_surface);
hevc_encoder_surface->motion_vector_temporal_bo =
dri_bo_alloc(i965->intel.bufmgr,
"motion vector temporal buffer",
@@ -2583,6 +2584,7 @@ Bool gen9_hcpe_context_init(VADriverContextP ctx, struct intel_encoder_context *
{
struct gen9_hcpe_context *hcpe_context = calloc(1, sizeof(struct gen9_hcpe_context));
+ assert(hcpe_context);
hcpe_context->pipe_mode_select = gen9_hcpe_pipe_mode_select;
hcpe_context->set_surface_state = gen9_hcpe_surface_state;
hcpe_context->ind_obj_base_addr_state = gen9_hcpe_ind_obj_base_addr_state;
diff --git a/src/gen9_mfd.c b/src/gen9_mfd.c
index c435e30..da76378 100644
--- a/src/gen9_mfd.c
+++ b/src/gen9_mfd.c
@@ -77,6 +77,7 @@ gen9_hcpd_init_hevc_surface(VADriverContextP ctx,
if (!gen9_hevc_surface) {
gen9_hevc_surface = calloc(sizeof(GenHevcSurface), 1);
+ assert(gen9_hevc_surface);
gen9_hevc_surface->base.frame_store_id = -1;
obj_surface->private_data = gen9_hevc_surface;
}
diff --git a/src/gen9_vme.c b/src/gen9_vme.c
index b28470b..736b13a 100644
--- a/src/gen9_vme.c
+++ b/src/gen9_vme.c
@@ -1817,6 +1817,8 @@ Bool gen9_vme_context_init(VADriverContextP ctx, struct intel_encoder_context *e
break;
}
+
+ assert(vme_context);
vme_context->vme_kernel_sum = i965_kernel_num;
vme_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
diff --git a/src/i965_avc_bsd.c b/src/i965_avc_bsd.c
index e6e86b0..157a107 100644
--- a/src/i965_avc_bsd.c
+++ b/src/i965_avc_bsd.c
@@ -51,6 +51,7 @@ i965_avc_bsd_init_avc_bsd_surface(VADriverContextP ctx,
if (!avc_bsd_surface) {
avc_bsd_surface = calloc(sizeof(GenAvcSurface), 1);
+ assert(avc_bsd_surface);
avc_bsd_surface->base.frame_store_id = -1;
assert((obj_surface->size & 0x3f) == 0);
obj_surface->private_data = avc_bsd_surface;
diff --git a/src/i965_encoder.c b/src/i965_encoder.c
index 22e4ec6..de851d1 100644
--- a/src/i965_encoder.c
+++ b/src/i965_encoder.c
@@ -662,6 +662,7 @@ intel_enc_hw_context_init(VADriverContextP ctx,
struct intel_encoder_context *encoder_context = calloc(1, sizeof(struct intel_encoder_context));
int i;
+ assert(encoder_context);
encoder_context->base.destroy = intel_encoder_context_destroy;
encoder_context->base.run = intel_encoder_end_picture;
encoder_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0);
diff --git a/src/i965_media.c b/src/i965_media.c
index a13c233..3e33b9b 100644
--- a/src/i965_media.c
+++ b/src/i965_media.c
@@ -338,6 +338,7 @@ g4x_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_config)
struct intel_driver_data *intel = intel_driver_data(ctx);
struct i965_media_context *media_context = calloc(1, sizeof(struct i965_media_context));
+ assert(media_context);
media_context->base.destroy = i965_media_context_destroy;
media_context->base.run = i965_media_decode_picture;
media_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0);
@@ -368,6 +369,7 @@ ironlake_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_con
struct intel_driver_data *intel = intel_driver_data(ctx);
struct i965_media_context *media_context = calloc(1, sizeof(struct i965_media_context));
+ assert(media_context);
media_context->base.destroy = i965_media_context_destroy;
media_context->base.run = i965_media_decode_picture;
media_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0);
diff --git a/src/i965_media_h264.c b/src/i965_media_h264.c
index 8ec7e4f..5b05ac0 100644
--- a/src/i965_media_h264.c
+++ b/src/i965_media_h264.c
@@ -844,6 +844,7 @@ i965_media_h264_dec_context_init(VADriverContextP ctx, struct i965_media_context
sizeof(h264_avc_kernels_gen5[0])));
assert(NUM_AVC_MC_INTERFACES == (sizeof(avc_mc_kernel_offset_gen5) /
sizeof(avc_mc_kernel_offset_gen5[0])));
+ assert(i965_h264_context);
if (IS_IRONLAKE(i965->intel.device_info)) {
memcpy(i965_h264_context->avc_kernels, h264_avc_kernels_gen5, sizeof(i965_h264_context->avc_kernels));
avc_mc_kernel_offset = avc_mc_kernel_offset_gen5;
diff --git a/src/i965_media_mpeg2.c b/src/i965_media_mpeg2.c
index 245c8e7..2980bdc 100644
--- a/src/i965_media_mpeg2.c
+++ b/src/i965_media_mpeg2.c
@@ -979,6 +979,7 @@ i965_media_mpeg2_dec_context_init(VADriverContextP ctx, struct i965_media_contex
int i;
i965_mpeg2_context = calloc(1, sizeof(struct i965_mpeg2_context));
+ assert(i965_mpeg2_context);
i965_mpeg2_context->wa_slice_vertical_position = -1;
/* kernel */
diff --git a/src/i965_post_processing.c b/src/i965_post_processing.c
index a1c0e4d..6d504d8 100755
--- a/src/i965_post_processing.c
+++ b/src/i965_post_processing.c
@@ -5510,6 +5510,7 @@ i965_post_processing_init(VADriverContextP ctx)
if (HAS_VPP(i965)) {
if (pp_context == NULL) {
pp_context = calloc(1, sizeof(*pp_context));
+ assert(pp_context);
i965->codec_info->post_processing_context_init(ctx, pp_context, i965->pp_batch);
i965->pp_context = pp_context;
}
diff --git a/src/intel_batchbuffer.c b/src/intel_batchbuffer.c
index 60178c6..c5604b8 100644
--- a/src/intel_batchbuffer.c
+++ b/src/intel_batchbuffer.c
@@ -95,6 +95,7 @@ intel_batchbuffer_new(struct intel_driver_data *intel, int flag, int buffer_size
buffer_size = MAX_BATCH_SIZE;
}
+ assert(batch);
batch->intel = intel;
batch->flag = flag;
batch->run = drm_intel_bo_mrb_exec;
--
2.1.0
More information about the Libva
mailing list