[Mesa-dev] [PATCH] main: Avoid double-free of shader Label
Brian Paul
brianp at vmware.com
Thu Feb 13 10:09:54 PST 2014
On 02/13/2014 10:59 AM, Brian Paul wrote:
> On 02/13/2014 10:55 AM, Carl Worth wrote:
>> As documented, the _mesa_free_shader_program_data function:
>>
>> "Frees all the data that hangs off a shader program object, but not
>> the object itself."
>>
>> This means that this function may be called multiple times on the same
>> object,
>> (and has been observed to). Meanwhile, the shProg->Label field was not
>> being
>> set to NULL after its free(). This led to a second call to free() of
>> the same
>> address on the second call to this function.
>>
>> Fix this by setting this field to NULL after free(), (just as with all
>> other
>> calls to free() in this function).
>> ---
>> src/mesa/main/shaderobj.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/src/mesa/main/shaderobj.c b/src/mesa/main/shaderobj.c
>> index 4f4bb69..d5c3d80 100644
>> --- a/src/mesa/main/shaderobj.c
>> +++ b/src/mesa/main/shaderobj.c
>> @@ -355,6 +355,7 @@ _mesa_free_shader_program_data(struct gl_context
>> *ctx,
>> }
>>
>> free(shProg->Label);
>> + shProg->Label = NULL;
>> }
>>
>>
>>
>
> Reviewed-by: Brian Paul <brianp at vmware.com>
Probably a candidate for the stable branches too, right?
-Brian
More information about the mesa-dev
mailing list