[Mesa-dev] [PATCH] mesa/program_cache: calloc the correct size for the cache.

Carl Worth cworth at cworth.org
Wed Sep 3 13:47:10 PDT 2014 

Matt Turner <mattst88 at gmail.com> writes:
> git blaming that turns up a sloppy search and replace commit that
> replaced _mesa_calloc(x) (taking only one argument) with calloc(1, x),
> even when x was a multiplication expression.

Thanks for chasing that down.

> If someone wants to fix these up: git grep 'calloc.* \* '

Most of what that grep actually shows is harmless invocations along the
lines of:

	pdp = calloc(1, sizeof *pdp);

But there are a number of instances with actual multiplication
occurring in the second argument to calloc.

Here are the instances I found after culling through the grep results:

src/gallium/drivers/freedreno/a2xx/ir-a2xx.c:	ptr = dwords = calloc(1, 4 * info->sizedwords);
src/gallium/drivers/freedreno/ir3/ir3.c:	ptr = dwords = calloc(1, 4 * info->sizedwords);
src/gallium/drivers/r600/r600_asm.c:	bc->bytecode = calloc(1, bc->ndw * 4);
src/mapi/glapi/gen/gl_gentable.py:    struct _glapi_table *disp = calloc(1, _glapi_get_dispatch_table_size() * sizeof(_glapi_proc));
src/mesa/drivers/dri/common/utils.c:   configs = calloc(1, (num_modes + 1) * sizeof *configs);
src/mesa/drivers/dri/i965/brw_state_cache.c:      calloc(1, cache->size * sizeof(struct brw_cache_item *));
src/mesa/main/atifragshader.c:	 calloc(1, sizeof(struct atifs_instruction) *
src/mesa/main/atifragshader.c:	 calloc(1, sizeof(struct atifs_setupinst) *
src/mesa/program/prog_cache.c:         calloc(1, cache->size * sizeof(struct cache_item));
src/mesa/program/prog_instruction.c:      calloc(1, numInst * sizeof(struct prog_instruction));
src/mesa/program/prog_optimize.c:      calloc(1, prog->NumInstructions * sizeof(GLboolean));
src/mesa/program/prog_optimize.c:      calloc(1, prog->NumInstructions * sizeof(GLboolean));
src/mesa/program/prog_optimize.c:      calloc(1, prog->NumInstructions * sizeof(GLboolean));
src/mesa/program/prog_parameter.c:	 calloc(1, size * sizeof(struct gl_program_parameter));
src/mesa/vbo/vbo_exec_array.c:   prim = calloc(1, primcount * sizeof(*prim));

And here's another that isn't the same pattern, (no "1", so not part of
the same search/replace issue), but potentially still worth looking
at. Here, there are three things being multiplied. I haven't looked at
the ranges of the actual values to know if there is an issue with the
way these things are split across the arguments:

src/mesa/tnl/t_vertex.c:      vtx->vertex_buf = _mesa_align_calloc(vb_size * max_vertex_size, 32 );

Since the first list above is small enough, I'm happy to put together a
patch for this issue and trust that with peer review we can avoid
introducing any new bugs with the patch.

-Carl

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/mesa-dev/attachments/20140903/1ec8bad9/attachment.sig>

More information about the mesa-dev mailing list