[Mesa-dev] [PATCH] i965: Don't leave dangling pointer to brw context on failure
Ian Romanick
idr at freedesktop.org
Mon Sep 3 11:28:36 PDT 2012
On Fri, Aug 31, 2012 at 09:54:40PM -0700, Kenneth Graunke wrote:
> On 08/31/2012 03:03 PM, Ian Romanick wrote:
> > From: Ian Romanick <ian.d.romanick at intel.com>
> >
> > Otherwise intelDestroyContext would try to dereference the pointer to
> > freed memory.
> >
> > NOTE: This is a candidate for the 9.0 branch.
> >
> > Signed-off-by: Ian Romanick <ian.d.romanick at intel.com>
> > Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=54301
> > ---
> > src/mesa/drivers/dri/i965/brw_context.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/src/mesa/drivers/dri/i965/brw_context.c b/src/mesa/drivers/dri/i965/brw_context.c
> > index 4e5aed6..ab485c3 100644
> > --- a/src/mesa/drivers/dri/i965/brw_context.c
> > +++ b/src/mesa/drivers/dri/i965/brw_context.c
> > @@ -149,6 +149,7 @@ brwCreateContext(int api,
> > sharedContextPrivate, &functions )) {
> > printf("%s: failed to init intel context\n", __FUNCTION__);
> > FREE(brw);
> > + driContextPriv->driverPrivate = NULL;
> > *error = __DRI_CTX_ERROR_NO_MEMORY;
> > return false;
> > }
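Review bot: The NULL store added after `FREE(brw);` is only a fix if every cleanup path that reads `driContextPriv->driverPrivate` accepts NULL, and the commit message names intelDestroyContext as the reader without saying where it checks. Please confirm that function returns early on NULL, with no assertion or dereference ahead of the check, and say so in the commit message. Separately, this branch reports `__DRI_CTX_ERROR_NO_MEMORY` for any failure of the init call and prints with `printf`; if init can fail for reasons other than allocation, a more accurate error code and `fprintf(stderr, ...)` would be better.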
>
> I had a little bit of a hard time figuring out where the NULL check is.
> It looks like glXDestroyContext() checks.
>
> I doubt it can hurt, anyway.
> Reviewed-by: Kenneth Graunke <kenneth at whitecape.org>
Unfortunately it doesn't fix the bug. brwCreateContext returns
failure back to intelCreateContext (in intel_screen.c).
intelCreateContext sees the failure and calls intelDestroyContext (in
intel_context.c). intelDestroyContext checks that
driContextPriv->driverPrivate is not NULL, but it also has an
assertion (that it's not NULL) that I missed the first time around.
Ugh.
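The failure path discussed in this thread, as an added example that is not code from Mesa or from either poster: a create function that frees its context and clears the published pointer, called from an outer function that runs the destroy path on failure. All names (`drv_ctx`, `dri_ctx`, `drv_create`, `outer_create`, `destroy_ctx`) are hypothetical, and it is an assumption that the pointer is published before the init step.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the DRI structures; not Mesa's definitions. */
struct drv_ctx { int initialized; };
struct dri_ctx { struct drv_ctx *driver_private; };
static int destroys_with_state; /* destroy calls that had something to free */

/* Stand-in for the init step that can fail. */
static bool init_ctx(struct drv_ctx *c, bool fail) {
    if (fail) return false;
    c->initialized = 1;
    return true;
}

/* NULL means creation never completed: return early, no assert, no deref. */
static void destroy_ctx(struct dri_ctx *priv) {
    if (priv->driver_private == NULL) return;
    destroys_with_state++;
    free(priv->driver_private);
    priv->driver_private = NULL;
}

/* Publishes the pointer before init (assumption); on failure frees AND clears. */
static bool drv_create(struct dri_ctx *priv, bool fail) {
    struct drv_ctx *c = calloc(1, sizeof *c);
    if (c == NULL) return false;
    priv->driver_private = c;
    if (!init_ctx(c, fail)) {
        free(c);
        priv->driver_private = NULL; /* same idea as the one-line patch */
        return false;
    }
    return true;
}

/* Outer caller that runs the destroy path when creation fails. */
static bool outer_create(struct dri_ctx *priv, bool fail) {
    if (drv_create(priv, fail)) return true;
    destroy_ctx(priv); /* safe only because destroy_ctx tolerates NULL */
    return false;
}

int main(void) {
    struct dri_ctx p = { NULL };
    bool ok = outer_create(&p, true);
    printf("create ok: %d, pointer cleared: %d\n", ok, p.driver_private == NULL);
    return 0;
}
```

If `destroy_ctx` asserted non-NULL before its check, the failed-create call in `main` would abort in a debug build, which is the situation the reply above describes.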