Mesa (master): intel/decoder: Avoid freeing invalid pointer

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Thu Oct 4 09:05:43 UTC 2018 

Module: Mesa
Branch: master
Commit: f9c8468c824dd9ceb804b6c9e177b738f8340a26
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=f9c8468c824dd9ceb804b6c9e177b738f8340a26

Author: Sagar Ghuge <sagar.ghuge at intel.com>
Date:   Thu Sep  6 12:37:28 2018 -0700

intel/decoder: Avoid freeing invalid pointer

v2: Free ctx.spec if error while reading genxml (Lionel Landwerlin)

v3: Handle case where genxml is empty (Lionel Landwerlin)

Signed-off-by: Sagar Ghuge <sagar.ghuge at intel.com>
Reviewed-by: Lionel Landwerlin <lionel.g.landwerlin at intel.com>

---

 src/intel/common/gen_decoder.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/intel/common/gen_decoder.c b/src/intel/common/gen_decoder.c
index d4db8b89cc..38a5fccb2a 100644
--- a/src/intel/common/gen_decoder.c
+++ b/src/intel/common/gen_decoder.c
@@ -654,25 +654,27 @@ gen_spec_load_from_path(const struct gen_device_info *devinfo,
    ctx.spec = gen_spec_init();
    if (ctx.spec == NULL) {
       fprintf(stderr, "Failed to create gen_spec\n");
-      return NULL;
+      goto end;
    }
 
    do {
       buf = XML_GetBuffer(ctx.parser, XML_BUFFER_SIZE);
       len = fread(buf, 1, XML_BUFFER_SIZE, input);
-      if (len == 0) {
+      if (ferror(input)) {
          fprintf(stderr, "fread: %m\n");
-         free(ctx.spec);
+         gen_spec_destroy(ctx.spec);
          ctx.spec = NULL;
          goto end;
-      }
+      } else if (feof(input))
+         goto end;
+
       if (XML_ParseBuffer(ctx.parser, len, len == 0) == 0) {
          fprintf(stderr,
                  "Error parsing XML at line %ld col %ld: %s\n",
                  XML_GetCurrentLineNumber(ctx.parser),
                  XML_GetCurrentColumnNumber(ctx.parser),
                  XML_ErrorString(XML_GetErrorCode(ctx.parser)));
-         free(ctx.spec);
+         gen_spec_destroy(ctx.spec);
          ctx.spec = NULL;
          goto end;
       }
@@ -684,6 +686,12 @@ gen_spec_load_from_path(const struct gen_device_info *devinfo,
    fclose(input);
    free(filename);
 
+   /* free ctx.spec if genxml is empty */
+   if (ctx.spec && _mesa_hash_table_num_entries(ctx.spec->commands) == 0) {
+      gen_spec_destroy(ctx.spec);
+      return NULL;
+   }
+
    return ctx.spec;
 }

More information about the mesa-commit mailing list