[Mesa-dev] [PATCH] glu: src/libtess: memory has been freed using uninitialized pointer

Brian Paul brianp at vmware.com
Wed Jan 2 12:38:43 PST 2013


On 12/19/2012 11:26 PM, Mike Gorchak wrote:
> Hi !
>
> I've attached the patch which fixes access to an uninitialized pointer
> during a memory free operation.
>
> The pqNewPriorityQ() function creates and sets up the PriorityQ structure, all
> except for the field "order". It is filled later in the function pqInit().
> Depending on the vertices of the polygon which must be tessellated, the
> following situation is possible: pqDeletePriorityQ() is called right
> after the pqNewPriorityQ() function. pqNewPriorityQ() tries to free memory
> using pq->order as a pointer, which is uninitialized at this point.
>
> P.S. Bug has been found by Victor Magalhaes while using my port of GLU
> library to OpenGL ES ( http://code.google.com/p/glues/ ). My port was
> based on the latest MESA/GLU sources.

Looks good to me.  I'll commit this to the GLU git tree soon...

-Brian
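
The lifecycle problem described in the quoted report, as an added example that is not part of the original thread or the GLU sources: with two-stage construction, the first stage must give every pointer the destructor frees a defined value. The `PQ` struct and the `pq_new`/`pq_init`/`pq_delete` names are simplified, hypothetical stand-ins for the libtess code.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for the priority queue; not the real libtess layout. */
typedef struct {
    int  *keys;    /* allocated by the constructor */
    int **order;   /* allocated only later, by pq_init() */
    size_t size, max;
} PQ;

PQ *pq_new(size_t max)
{
    PQ *pq = malloc(sizeof *pq);   /* malloc leaves the struct's bytes indeterminate */
    if (pq == NULL) return NULL;
    pq->keys = malloc(max * sizeof pq->keys[0]);
    if (pq->keys == NULL) { free(pq); return NULL; }
    pq->size = 0;
    pq->max = max;
    pq->order = NULL;  /* omit this and pq_delete() may free a garbage pointer */
    return pq;
}

/* Second construction stage: builds the index that the destructor also frees. */
int pq_init(PQ *pq)
{
    size_t i;
    pq->order = malloc((pq->size + 1) * sizeof pq->order[0]);
    if (pq->order == NULL) return 0;
    for (i = 0; i < pq->size; i++) pq->order[i] = &pq->keys[i];
    return 1;
}

/* Safe at any stage: free(NULL) is defined to do nothing. */
void pq_delete(PQ *pq)
{
    if (pq == NULL) return;
    free(pq->order);
    free(pq->keys);
    free(pq);
}

int main(void)
{
    PQ *early = pq_new(8);      /* deleted before pq_init(), the reported path */
    PQ *full = pq_new(8);
    if (early == NULL || full == NULL) return 1;
    printf("order before init: %p\n", (void *)early->order);
    pq_delete(early);
    if (!pq_init(full)) return 1;
    pq_delete(full);
    return 0;
}
```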


