Mesa (master): cso: Don' t restore nr_samplers in cso_restore_fragment_samplers
Michel Dänzer
daenzer at kemper.freedesktop.org
Mon Dec 19 09:28:15 UTC 2016
Module: Mesa
Branch: master
Commit: 3d661a12be5be95da929b19cf4b5976b3c3fb8e9
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=3d661a12be5be95da929b19cf4b5976b3c3fb8e9
Author: Michel Dänzer <michel.daenzer at amd.com>
Date: Fri Dec 16 18:05:58 2016 +0900
cso: Don't restore nr_samplers in cso_restore_fragment_samplers
If info->nr_samplers > ctx->nr_fragment_samplers_saved, the assignment
would prevent cso_single_sampler_done from unbinding the no longer used
samplers from the driver, which could result in use-after-free. This is
probably unlikely to happen in practice though.
Cc: "12.0 13.0" <mesa-stable at lists.freedesktop.org>
Reviewed-by: Nicolai Hähnle <nicolai.haehnle at amd.com>
---
src/gallium/auxiliary/cso_cache/cso_context.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/gallium/auxiliary/cso_cache/cso_context.c b/src/gallium/auxiliary/cso_cache/cso_context.c
index 127e071..2ee87f9 100644
--- a/src/gallium/auxiliary/cso_cache/cso_context.c
+++ b/src/gallium/auxiliary/cso_cache/cso_context.c
@@ -1275,7 +1275,6 @@ cso_restore_fragment_samplers(struct cso_context *ctx)
{
struct sampler_info *info = &ctx->samplers[PIPE_SHADER_FRAGMENT];
- info->nr_samplers = ctx->nr_fragment_samplers_saved;
memcpy(info->samplers, ctx->fragment_samplers_saved,
sizeof(info->samplers));
cso_single_sampler_done(ctx, PIPE_SHADER_FRAGMENT);
More information about the mesa-commit
mailing list