[Mesa-dev] [PATCH] glu: src/libtess: memory has been freed using uninitialized pointer

Mike Gorchak mike.gorchak.qnx at gmail.com
Wed Dec 19 22:26:40 PST 2012


Hi!

I've attached a patch which fixes access to an uninitialized pointer during
a memory free operation.

The pqNewPriorityQ() function creates and sets up the PriorityQ structure, all
except for the field "order". It is filled later in the function pqInit().
Depending on the vertices of the polygon which must be tessellated, the
following situation is possible: pqDeletePriorityQ() is called right after
the pqNewPriorityQ() function. pqNewPriorityQ() tries to free memory using
pq->order as a pointer, which is uninitialized at this point.

P.S. The bug was found by Victor Magalhaes while using my port of the GLU
library to OpenGL ES ( http://code.google.com/p/glues/ ). My port was based
on the latest MESA/GLU sources.

Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: priorityq.diff
Type: application/octet-stream
Size: 241 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/mesa-dev/attachments/20121220/17b25233/attachment.obj>
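
The new-then-delete sequence described in the message, as an added example that is neither the attached patch nor GLU's own code. `DemoPQ` and the `demo_*` functions are hypothetical, and nulling `order` in the constructor is an assumed remedy, since the attachment's contents are not shown on this page.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical, reduced model of the queue described in the post. */
typedef struct {
    size_t size;  /* set by the constructor */
    int **order;  /* allocated only by demo_pq_init() */
} DemoPQ;

/* As in the post: all fields set except "order"; 0xA5 mimics stale heap bytes. */
DemoPQ *demo_pq_new_unsafe(void) {
    DemoPQ *pq = malloc(sizeof *pq);
    if (pq == NULL) return NULL;
    memset(pq, 0xA5, sizeof *pq);
    pq->size = 0;
    return pq;  /* pq->order is still garbage here */
}

/* Hardened constructor (assumed fix): "order" starts out as NULL. */
DemoPQ *demo_pq_new(void) {
    DemoPQ *pq = demo_pq_new_unsafe();
    if (pq != NULL) pq->order = NULL;
    return pq;
}

int demo_pq_init(DemoPQ *pq) {  /* late init: the only place "order" is allocated */
    pq->order = malloc((pq->size + 1) * sizeof *pq->order);
    return pq->order != NULL;
}

/* free(NULL) is a no-op, so new -> delete is safe once "order" is nulled. */
void demo_pq_delete(DemoPQ *pq) {
    free(pq->order);
    free(pq);
}

/* Returns 1 if the unsafe constructor left a non-NULL garbage pointer. */
int demo_unsafe_order_is_garbage(void) {
    DemoPQ *pq = demo_pq_new_unsafe();
    if (pq == NULL) return -1;
    int garbage = (pq->order != NULL);
    pq->order = NULL;  /* neutralise before cleanup */
    demo_pq_delete(pq);
    return garbage;
}

int main(void) {
    DemoPQ *pq = demo_pq_new();
    if (pq != NULL) demo_pq_delete(pq);  /* delete right after new: safe */
    return demo_unsafe_order_is_garbage() == 1 ? 0 : 1;
}
```

Building the unsafe path with AddressSanitizer or running it under Valgrind reports the same class of invalid free without relying on the 0xA5 fill.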

