[Mesa-dev] [PATCH] nouveau: Fix bugs in nouveau_video_buffer

Mon Dec 19 01:06:58 PST 2011

Double free and array overflow, even if only 2 members are
used the last one needs to be set to NULL explicitly.

Signed-off-by: Maarten Lankhorst <m.b.lankhorst at gmail.com

---
 src/gallium/drivers/nouveau/nouveau_video.c |    1 -
 src/gallium/drivers/nouveau/nouveau_video.h |    6 +++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/gallium/drivers/nouveau/nouveau_video.c b/src/gallium/drivers/nouveau/nouveau_video.c
index 162e1aa..a442537 100644
--- a/src/gallium/drivers/nouveau/nouveau_video.c
+++ b/src/gallium/drivers/nouveau/nouveau_video.c
@@ -835,7 +835,6 @@ nouveau_video_buffer_create(struct pipe_context *pipe,
 
 error:
    nouveau_video_buffer_destroy(&buffer->base);
-   FREE(buffer);
    return NULL;
 }
 
diff --git a/src/gallium/drivers/nouveau/nouveau_video.h b/src/gallium/drivers/nouveau/nouveau_video.h
index c6875c3..22593ff 100644
--- a/src/gallium/drivers/nouveau/nouveau_video.h
+++ b/src/gallium/drivers/nouveau/nouveau_video.h
@@ -7,10 +7,10 @@
 struct nouveau_video_buffer {
    struct pipe_video_buffer base;
    unsigned num_planes;
-   struct pipe_resource     *resources[2];
-   struct pipe_sampler_view *sampler_view_planes[2];
+   struct pipe_resource     *resources[3];
+   struct pipe_sampler_view *sampler_view_planes[3];
    struct pipe_sampler_view *sampler_view_components[3];
-   struct pipe_surface      *surfaces[2];
+   struct pipe_surface      *surfaces[3];
 };
 
 struct nouveau_decoder {
-- 
1.7.7.4



