[Mesa-dev] [Bug 41677] New: Potential deallocation at null pointer while getting of extra extensions info

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Oct 11 05:04:30 PDT 2011 

https://bugs.freedesktop.org/show_bug.cgi?id=41677

           Summary: Potential deallocation at null pointer while getting
                    of extra extensions info
           Product: Mesa
           Version: 7.11
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: medium
         Component: Mesa core
        AssignedTo: mesa-dev at lists.freedesktop.org
        ReportedBy: alex78_rus at mail.ru


Function: GLubyte* _mesa_make_extension_string(struct gl_context *ctx)
Module:   mesa/main/extensions.c
Mesa library found version: the currently presented version of library
development 

http://cgit.freedesktop.org/mesa/mesa/commit/?id=a13eed4b826d0bb5dfcb5e63651987a232df8a06

The function makes the deallocation at null pointer at lines 854,861 if
"extra_extensions == NULL" in case when memory allocation error occurred:

811: GLubyte*
812:_mesa_make_extension_string(struct gl_context *ctx)
813:{
814:/* The extension string. */
815:char *exts = 0;
816:/* Length of extension string. */
817:size_t length = 0;
818:/* Number of extensions */
819:unsigned count;
820:/* Indices of the extensions sorted by year */
821:extension_index *extension_indices;
822:/* String of extra extensions. */
823:char *extra_extensions = get_extension_override(ctx);
824:GLboolean *base = (GLboolean *) &ctx->Extensions;
825:const struct extension *i;
826:unsigned j;
827:unsigned maxYear = ~0;
828:
829:/* Check if the MESA_EXTENSION_MAX_YEAR env var is set */
830:{
831:  const char *env = getenv("MESA_EXTENSION_MAX_YEAR");
832:  if (env) {
833:     maxYear = atoi(env);
834:     _mesa_debug(ctx, "Note: limiting GL extensions to %u or earlier\n",
835:                 maxYear);
836:  }
837:}
838:
839:/* Compute length of the extension string. */
840:count = 0;
841:for (i = extension_table; i->name != 0; ++i) {
842:   if (base[i->offset] &&
843:      i->year <= maxYear &&
844:      (i->api_set & (1 << ctx->API))) {
845:    length += strlen(i->name) + 1; /* +1 for space */
846:     ++count;
847:  }
848:}
849:if (extra_extensions != NULL)
850:  length += 1 + strlen(extra_extensions); /* +1 for space */
851: 
852:exts = (char *) calloc(ALIGN(length + 1, 4), sizeof(char));
853:if (exts == NULL) {
854:  free(extra_extensions);
855:  return NULL;
856:}
857:
858:extension_indices = malloc(count * sizeof(extension_index));
859:if (extension_indices == NULL) {
860:  free(exts);
861:  free(extra_extensions);
862:  return NULL;
863:}
...
}

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the mesa-dev mailing list