[Mesa-dev] [PATCH 2/3] util: added pipe_surface_release() function
Brian Paul
brianp at vmware.com
Fri Nov 30 10:19:53 PST 2012
To fix a pipe_context::surface_destroy() use-after-free problem.
We previously added pipe_sampler_view_release() for similar reasons.
Note: this is a candidate for the stable branches.
---
src/gallium/auxiliary/util/u_inlines.h | 16 ++++++++++++++++
1 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/src/gallium/auxiliary/util/u_inlines.h b/src/gallium/auxiliary/util/u_inlines.h
index 6ef5fec..cb06ee2 100644
--- a/src/gallium/auxiliary/util/u_inlines.h
+++ b/src/gallium/auxiliary/util/u_inlines.h
@@ -114,6 +114,22 @@ pipe_surface_reference(struct pipe_surface **ptr, struct pipe_surface *surf)
*ptr = surf;
}
+/**
+ * Similar to pipe_surface_reference() but always set the pointer to NULL
+ * and pass in an explicit context. The explicit context avoids the problem
+ * of using a deleted context's surface_destroy() method when freeing a surface
+ * that's shared by multiple contexts.
+ */
+static INLINE void
+pipe_surface_release(struct pipe_context *pipe, struct pipe_surface **ptr)
+{
+ if (pipe_reference_described(&(*ptr)->reference, NULL,
+ (debug_reference_descriptor)debug_describe_surface))
+ pipe->surface_destroy(pipe, *ptr);
+ *ptr = NULL;
+}
+
+
static INLINE void
pipe_resource_reference(struct pipe_resource **ptr, struct pipe_resource *tex)
{
--
1.7.3.4
More information about the mesa-dev
mailing list