[Libva] [PATCH: Intel-VA Driver] Fix klockwork critical message hit on calloc function usage
Xiang, Haihao
haihao.xiang at intel.com
Sat Sep 5 21:59:41 PDT 2015
Applied.
Thanks
Haihao
> The calloc function maybe return NULL, it will causing
> memory access violation if continue using NULL C structure.
> Add assert function to do checking on its.
>
> bugzilla:
> https://bugs.freedesktop.org/show_bug.cgi?id=91699
>
> Signed-off-by: Lim Siew Hoon <siew.hoon.lim at intel.com>
> ---
> src/gen6_mfc_common.c | 2 ++
> src/gen6_mfd.c | 1 +
> src/gen75_mfd.c | 3 +++
> src/gen75_picture_process.c | 1 +
> src/gen75_vme.c | 2 ++
> src/gen75_vpp_gpe.c | 1 +
> src/gen75_vpp_vebox.c | 1 +
> src/gen7_mfd.c | 3 +++
> src/gen7_vme.c | 1 +
> src/gen8_mfc.c | 2 +-
> src/gen8_vme.c | 1 +
> src/gen9_mfc.c | 1 +
> src/gen9_mfc_hevc.c | 2 ++
> src/gen9_mfd.c | 1 +
> src/gen9_vme.c | 2 ++
> src/i965_avc_bsd.c | 1 +
> src/i965_encoder.c | 1 +
> src/i965_media.c | 2 ++
> src/i965_media_h264.c | 1 +
> src/i965_media_mpeg2.c | 1 +
> src/i965_post_processing.c | 1 +
> src/intel_batchbuffer.c | 1 +
> 22 files changed, 31 insertions(+), 1 deletion(-)
>
> diff --git a/src/gen6_mfc_common.c b/src/gen6_mfc_common.c
> index 53e31de..663d197 100644
> --- a/src/gen6_mfc_common.c
> +++ b/src/gen6_mfc_common.c
> @@ -650,6 +650,7 @@ VAStatus intel_mfc_avc_prepare(VADriverContextP ctx,
>
> if ( obj_surface->private_data == NULL) {
> gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1);
> + assert(gen6_avc_surface);
> gen6_avc_surface->dmv_top =
> dri_bo_alloc(i965->intel.bufmgr,
> "Buffer",
> @@ -696,6 +697,7 @@ VAStatus intel_mfc_avc_prepare(VADriverContextP ctx,
> if ( obj_surface->private_data == NULL) {
>
> gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1);
> + assert(gen6_avc_surface);
> gen6_avc_surface->dmv_top =
> dri_bo_alloc(i965->intel.bufmgr,
> "Buffer",
> diff --git a/src/gen6_mfd.c b/src/gen6_mfd.c
> index 2dd05a1..5ab2db0 100755
> --- a/src/gen6_mfd.c
> +++ b/src/gen6_mfd.c
> @@ -61,6 +61,7 @@ gen6_mfd_init_avc_surface(VADriverContextP ctx,
>
> if (!gen6_avc_surface) {
> gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1);
> + assert(gen6_avc_surface);
> gen6_avc_surface->base.frame_store_id = -1;
> assert((obj_surface->size & 0x3f) == 0);
> obj_surface->private_data = gen6_avc_surface;
> diff --git a/src/gen75_mfd.c b/src/gen75_mfd.c
> index 11cde1f..0acded3 100644
> --- a/src/gen75_mfd.c
> +++ b/src/gen75_mfd.c
> @@ -67,6 +67,7 @@ gen75_mfd_init_avc_surface(VADriverContextP ctx,
>
> if (!gen7_avc_surface) {
> gen7_avc_surface = calloc(sizeof(GenAvcSurface), 1);
> + assert(gen7_avc_surface);
> gen7_avc_surface->base.frame_store_id = -1;
> assert((obj_surface->size & 0x3f) == 0);
> obj_surface->private_data = gen7_avc_surface;
> @@ -1511,6 +1512,7 @@ gen75_mfd_init_vc1_surface(VADriverContextP ctx,
>
> if (!gen7_vc1_surface) {
> gen7_vc1_surface = calloc(sizeof(struct gen7_vc1_surface), 1);
> + assert(gen7_vc1_surface);
> assert((obj_surface->size & 0x3f) == 0);
> obj_surface->private_data = gen7_vc1_surface;
> }
> @@ -3250,6 +3252,7 @@ gen75_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_config
> struct gen7_mfd_context *gen7_mfd_context = calloc(1, sizeof(struct gen7_mfd_context));
> int i;
>
> + assert(gen7_mfd_context);
> gen7_mfd_context->base.destroy = gen75_mfd_context_destroy;
> gen7_mfd_context->base.run = gen75_mfd_decode_picture;
> gen7_mfd_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0);
> diff --git a/src/gen75_picture_process.c b/src/gen75_picture_process.c
> index cf20ed9..ed50532 100644
> --- a/src/gen75_picture_process.c
> +++ b/src/gen75_picture_process.c
> @@ -266,6 +266,7 @@ gen75_proc_context_init(VADriverContextP ctx,
> struct intel_video_process_context *proc_context
> = calloc(1, sizeof(struct intel_video_process_context));
>
> + assert(proc_context);
> proc_context->base.destroy = gen75_proc_context_destroy;
> proc_context->base.run = gen75_proc_picture;
>
> diff --git a/src/gen75_vme.c b/src/gen75_vme.c
> index 576e91a..0b8855d 100644
> --- a/src/gen75_vme.c
> +++ b/src/gen75_vme.c
> @@ -1037,6 +1037,8 @@ Bool gen75_vme_context_init(VADriverContextP ctx, struct intel_encoder_context *
>
> break;
> }
> +
> + assert(vme_context);
> vme_context->vme_kernel_sum = i965_kernel_num;
> vme_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
>
> diff --git a/src/gen75_vpp_gpe.c b/src/gen75_vpp_gpe.c
> index 52a0e2f..118a544 100644
> --- a/src/gen75_vpp_gpe.c
> +++ b/src/gen75_vpp_gpe.c
> @@ -871,6 +871,7 @@ vpp_gpe_context_init(VADriverContextP ctx)
> {
> struct i965_driver_data *i965 = i965_driver_data(ctx);
> struct vpp_gpe_context *vpp_gpe_ctx = calloc(1, sizeof(struct vpp_gpe_context));
> + assert(vpp_gpe_ctx);
> struct i965_gpe_context *gpe_ctx = &(vpp_gpe_ctx->gpe_ctx);
>
> assert(IS_HASWELL(i965->intel.device_info) ||
> diff --git a/src/gen75_vpp_vebox.c b/src/gen75_vpp_vebox.c
> index 7a066f9..06c27f8 100644
> --- a/src/gen75_vpp_vebox.c
> +++ b/src/gen75_vpp_vebox.c
> @@ -1763,6 +1763,7 @@ struct intel_vebox_context * gen75_vebox_context_init(VADriverContextP ctx)
> struct intel_vebox_context *proc_context = calloc(1, sizeof(struct intel_vebox_context));
> int i;
>
> + assert(proc_context);
> proc_context->batch = intel_batchbuffer_new(intel, I915_EXEC_VEBOX, 0);
>
> for (i = 0; i < ARRAY_ELEMS(proc_context->frame_store); i++)
> diff --git a/src/gen7_mfd.c b/src/gen7_mfd.c
> index 1d04ed4..4e668ce 100755
> --- a/src/gen7_mfd.c
> +++ b/src/gen7_mfd.c
> @@ -65,6 +65,7 @@ gen7_mfd_init_avc_surface(VADriverContextP ctx,
>
> if (!gen7_avc_surface) {
> gen7_avc_surface = calloc(sizeof(GenAvcSurface), 1);
> + assert(gen7_avc_surface);
> gen7_avc_surface->base.frame_store_id = -1;
> assert((obj_surface->size & 0x3f) == 0);
> obj_surface->private_data = gen7_avc_surface;
> @@ -1246,6 +1247,7 @@ gen7_mfd_init_vc1_surface(VADriverContextP ctx,
>
> if (!gen7_vc1_surface) {
> gen7_vc1_surface = calloc(sizeof(struct gen7_vc1_surface), 1);
> + assert(gen7_vc1_surface);
> assert((obj_surface->size & 0x3f) == 0);
> obj_surface->private_data = gen7_vc1_surface;
> }
> @@ -2729,6 +2731,7 @@ gen7_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_config)
> struct gen7_mfd_context *gen7_mfd_context = calloc(1, sizeof(struct gen7_mfd_context));
> int i;
>
> + assert(gen7_mfd_context);
> gen7_mfd_context->base.destroy = gen7_mfd_context_destroy;
> gen7_mfd_context->base.run = gen7_mfd_decode_picture;
> gen7_mfd_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0);
> diff --git a/src/gen7_vme.c b/src/gen7_vme.c
> index dc15445..7b116ad 100644
> --- a/src/gen7_vme.c
> +++ b/src/gen7_vme.c
> @@ -1031,6 +1031,7 @@ Bool gen7_vme_context_init(VADriverContextP ctx, struct intel_encoder_context *e
> struct gen6_vme_context *vme_context = calloc(1, sizeof(struct gen6_vme_context));
> struct i965_kernel *vme_kernel_list = NULL;
>
> + assert(vme_context);
> vme_context->gpe_context.surface_state_binding_table.length =
> (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
>
> diff --git a/src/gen8_mfc.c b/src/gen8_mfc.c
> index daa860c..9908257 100644
> --- a/src/gen8_mfc.c
> +++ b/src/gen8_mfc.c
> @@ -4571,7 +4571,7 @@ static VAStatus gen8_mfc_pipeline(VADriverContextP ctx,
> Bool gen8_mfc_context_init(VADriverContextP ctx, struct intel_encoder_context *encoder_context)
> {
> struct gen6_mfc_context *mfc_context = calloc(1, sizeof(struct gen6_mfc_context));
> -
> + assert(mfc_context);
> mfc_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
>
> mfc_context->gpe_context.idrt.max_entries = MAX_GPE_KERNELS;
> diff --git a/src/gen8_vme.c b/src/gen8_vme.c
> index ace3288..5dd502c 100644
> --- a/src/gen8_vme.c
> +++ b/src/gen8_vme.c
> @@ -1338,6 +1338,7 @@ Bool gen8_vme_context_init(VADriverContextP ctx, struct intel_encoder_context *e
> //If the codec is JPEG, bypass VME
> if(encoder_context->codec != CODEC_JPEG) {
> vme_context = calloc(1, sizeof(struct gen6_vme_context));
> + assert(vme_context);
> vme_context->vme_kernel_sum = i965_kernel_num;
> vme_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
>
> diff --git a/src/gen9_mfc.c b/src/gen9_mfc.c
> index b328f75..63a9c21 100644
> --- a/src/gen9_mfc.c
> +++ b/src/gen9_mfc.c
> @@ -1717,6 +1717,7 @@ Bool gen9_mfc_context_init(VADriverContextP ctx, struct intel_encoder_context *e
> return gen8_mfc_context_init(ctx, encoder_context);
>
> mfc_context = calloc(1, sizeof(struct gen6_mfc_context));
> + assert(mfc_context);
> mfc_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
>
> mfc_context->gpe_context.idrt.max_entries = MAX_GPE_KERNELS;
> diff --git a/src/gen9_mfc_hevc.c b/src/gen9_mfc_hevc.c
> index e52e408..bf601ec 100644
> --- a/src/gen9_mfc_hevc.c
> +++ b/src/gen9_mfc_hevc.c
> @@ -1984,6 +1984,7 @@ VAStatus intel_hcpe_hevc_prepare(VADriverContextP ctx,
>
> hevc_encoder_surface = calloc(sizeof(GenHevcSurface), 1);
>
> + assert(hevc_encoder_surface);
> hevc_encoder_surface->motion_vector_temporal_bo =
> dri_bo_alloc(i965->intel.bufmgr,
> "motion vector temporal buffer",
> @@ -2583,6 +2584,7 @@ Bool gen9_hcpe_context_init(VADriverContextP ctx, struct intel_encoder_context *
> {
> struct gen9_hcpe_context *hcpe_context = calloc(1, sizeof(struct gen9_hcpe_context));
>
> + assert(hcpe_context);
> hcpe_context->pipe_mode_select = gen9_hcpe_pipe_mode_select;
> hcpe_context->set_surface_state = gen9_hcpe_surface_state;
> hcpe_context->ind_obj_base_addr_state = gen9_hcpe_ind_obj_base_addr_state;
> diff --git a/src/gen9_mfd.c b/src/gen9_mfd.c
> index c435e30..da76378 100644
> --- a/src/gen9_mfd.c
> +++ b/src/gen9_mfd.c
> @@ -77,6 +77,7 @@ gen9_hcpd_init_hevc_surface(VADriverContextP ctx,
>
> if (!gen9_hevc_surface) {
> gen9_hevc_surface = calloc(sizeof(GenHevcSurface), 1);
> + assert(gen9_hevc_surface);
> gen9_hevc_surface->base.frame_store_id = -1;
> obj_surface->private_data = gen9_hevc_surface;
> }
> diff --git a/src/gen9_vme.c b/src/gen9_vme.c
> index b28470b..736b13a 100644
> --- a/src/gen9_vme.c
> +++ b/src/gen9_vme.c
> @@ -1817,6 +1817,8 @@ Bool gen9_vme_context_init(VADriverContextP ctx, struct intel_encoder_context *e
>
> break;
> }
> +
> + assert(vme_context);
> vme_context->vme_kernel_sum = i965_kernel_num;
> vme_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6;
>
> diff --git a/src/i965_avc_bsd.c b/src/i965_avc_bsd.c
> index e6e86b0..157a107 100644
> --- a/src/i965_avc_bsd.c
> +++ b/src/i965_avc_bsd.c
> @@ -51,6 +51,7 @@ i965_avc_bsd_init_avc_bsd_surface(VADriverContextP ctx,
>
> if (!avc_bsd_surface) {
> avc_bsd_surface = calloc(sizeof(GenAvcSurface), 1);
> + assert(avc_bsd_surface);
> avc_bsd_surface->base.frame_store_id = -1;
> assert((obj_surface->size & 0x3f) == 0);
> obj_surface->private_data = avc_bsd_surface;
> diff --git a/src/i965_encoder.c b/src/i965_encoder.c
> index 22e4ec6..de851d1 100644
> --- a/src/i965_encoder.c
> +++ b/src/i965_encoder.c
> @@ -662,6 +662,7 @@ intel_enc_hw_context_init(VADriverContextP ctx,
> struct intel_encoder_context *encoder_context = calloc(1, sizeof(struct intel_encoder_context));
> int i;
>
> + assert(encoder_context);
> encoder_context->base.destroy = intel_encoder_context_destroy;
> encoder_context->base.run = intel_encoder_end_picture;
> encoder_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0);
> diff --git a/src/i965_media.c b/src/i965_media.c
> index a13c233..3e33b9b 100644
> --- a/src/i965_media.c
> +++ b/src/i965_media.c
> @@ -338,6 +338,7 @@ g4x_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_config)
> struct intel_driver_data *intel = intel_driver_data(ctx);
> struct i965_media_context *media_context = calloc(1, sizeof(struct i965_media_context));
>
> + assert(media_context);
> media_context->base.destroy = i965_media_context_destroy;
> media_context->base.run = i965_media_decode_picture;
> media_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0);
> @@ -368,6 +369,7 @@ ironlake_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_con
> struct intel_driver_data *intel = intel_driver_data(ctx);
> struct i965_media_context *media_context = calloc(1, sizeof(struct i965_media_context));
>
> + assert(media_context);
> media_context->base.destroy = i965_media_context_destroy;
> media_context->base.run = i965_media_decode_picture;
> media_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0);
> diff --git a/src/i965_media_h264.c b/src/i965_media_h264.c
> index 8ec7e4f..5b05ac0 100644
> --- a/src/i965_media_h264.c
> +++ b/src/i965_media_h264.c
> @@ -844,6 +844,7 @@ i965_media_h264_dec_context_init(VADriverContextP ctx, struct i965_media_context
> sizeof(h264_avc_kernels_gen5[0])));
> assert(NUM_AVC_MC_INTERFACES == (sizeof(avc_mc_kernel_offset_gen5) /
> sizeof(avc_mc_kernel_offset_gen5[0])));
> + assert(i965_h264_context);
> if (IS_IRONLAKE(i965->intel.device_info)) {
> memcpy(i965_h264_context->avc_kernels, h264_avc_kernels_gen5, sizeof(i965_h264_context->avc_kernels));
> avc_mc_kernel_offset = avc_mc_kernel_offset_gen5;
> diff --git a/src/i965_media_mpeg2.c b/src/i965_media_mpeg2.c
> index 245c8e7..2980bdc 100644
> --- a/src/i965_media_mpeg2.c
> +++ b/src/i965_media_mpeg2.c
> @@ -979,6 +979,7 @@ i965_media_mpeg2_dec_context_init(VADriverContextP ctx, struct i965_media_contex
> int i;
>
> i965_mpeg2_context = calloc(1, sizeof(struct i965_mpeg2_context));
> + assert(i965_mpeg2_context);
> i965_mpeg2_context->wa_slice_vertical_position = -1;
>
> /* kernel */
> diff --git a/src/i965_post_processing.c b/src/i965_post_processing.c
> index a1c0e4d..6d504d8 100755
> --- a/src/i965_post_processing.c
> +++ b/src/i965_post_processing.c
> @@ -5510,6 +5510,7 @@ i965_post_processing_init(VADriverContextP ctx)
> if (HAS_VPP(i965)) {
> if (pp_context == NULL) {
> pp_context = calloc(1, sizeof(*pp_context));
> + assert(pp_context);
> i965->codec_info->post_processing_context_init(ctx, pp_context, i965->pp_batch);
> i965->pp_context = pp_context;
> }
> diff --git a/src/intel_batchbuffer.c b/src/intel_batchbuffer.c
> index 60178c6..c5604b8 100644
> --- a/src/intel_batchbuffer.c
> +++ b/src/intel_batchbuffer.c
> @@ -95,6 +95,7 @@ intel_batchbuffer_new(struct intel_driver_data *intel, int flag, int buffer_size
> buffer_size = MAX_BATCH_SIZE;
> }
>
> + assert(batch);
> batch->intel = intel;
> batch->flag = flag;
> batch->run = drm_intel_bo_mrb_exec;
More information about the Libva
mailing list