[Mesa-dev] [PATCH] gallium/hud: prevent NULL pointer dereference with pipe_query functions
Marek Olšák
maraeo at gmail.com
Fri Jun 26 01:37:59 PDT 2015
Reviewed-by: Marek Olšák <marek.olsak at amd.com>
Marek
On Wed, Jun 24, 2015 at 9:26 PM, Samuel Pitoiset
<samuel.pitoiset at gmail.com> wrote:
> The HUD doesn't check whether create_query() fails, and it calls other
> pipe_query functions with a NULL pointer instead of a valid query object.
>
> Signed-off-by: Samuel Pitoiset <samuel.pitoiset at gmail.com>
> ---
> src/gallium/auxiliary/hud/hud_driver_query.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/src/gallium/auxiliary/hud/hud_driver_query.c b/src/gallium/auxiliary/hud/hud_driver_query.c
> index 603aba7..ee71678 100644
> --- a/src/gallium/auxiliary/hud/hud_driver_query.c
> +++ b/src/gallium/auxiliary/hud/hud_driver_query.c
> @@ -62,7 +62,8 @@ query_new_value(struct hud_graph *gr)
> uint64_t now = os_time_get();
>
> if (info->last_time) {
> - pipe->end_query(pipe, info->query[info->head]);
> + if (info->query[info->head])
> + pipe->end_query(pipe, info->query[info->head]);
>
> /* read query results */
> while (1) {
> @@ -70,7 +71,7 @@ query_new_value(struct hud_graph *gr)
> union pipe_query_result result;
> uint64_t *res64 = (uint64_t *)&result;
>
> - if (pipe->get_query_result(pipe, query, FALSE, &result)) {
> + if (query && pipe->get_query_result(pipe, query, FALSE, &result)) {
> info->results_cumulative += res64[info->result_index];
> info->num_results++;
>
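Review bot: A NULL `query` is now handled exactly like a query whose result is not ready yet, because `query && pipe->get_query_result(...)` is false and control falls to the `else` of this `if`, which lies past the end of this hunk. The third hunk shows that path printing "all queries are busy", so a driver whose create_query keeps failing would presumably have the allocation failure reported as busy queries. It is also worth confirming that the slot `query` was read from is skipped or re-created on that path; if it is not, one failed create_query could stall result collection permanently. A separate `if (!query)` branch with its own message ahead of the `get_query_result` call would make both cases explicit.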
> @@ -88,7 +89,8 @@ query_new_value(struct hud_graph *gr)
> "gallium_hud: all queries are busy after %i frames, "
> "can't add another query\n",
> NUM_QUERIES);
> - pipe->destroy_query(pipe, info->query[info->head]);
> + if (info->query[info->head])
> + pipe->destroy_query(pipe, info->query[info->head]);
> info->query[info->head] =
> pipe->create_query(pipe, info->query_type, 0);
> }
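Review bot: The `create_query` result assigned to `info->query[info->head]` right after the new `destroy_query` guard is still stored unchecked, and the same holds for the call in the `/* initialize */` branch of the fourth hunk. The added guards stop the NULL dereference, but a failing driver now produces a graph with no data and nothing in the log to explain it. A diagnostic at the point of failure, ideally printed only once, would help, for example `if (!info->query[info->head]) fprintf(stderr, "gallium_hud: create_query failed\n");`. query_new_value starts and ends outside this hunk.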
> @@ -113,15 +115,15 @@ query_new_value(struct hud_graph *gr)
> info->results_cumulative = 0;
> info->num_results = 0;
> }
> -
> - pipe->begin_query(pipe, info->query[info->head]);
> }
> else {
> /* initialize */
> info->last_time = now;
> info->query[info->head] = pipe->create_query(pipe, info->query_type, 0);
> - pipe->begin_query(pipe, info->query[info->head]);
> }
> +
> + if (info->query[info->head])
> + pipe->begin_query(pipe, info->query[info->head]);
> }
>
> static void
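Review bot: The guard before `begin_query` carries no comment saying why the slot can be NULL, and the reason sits in the `create_query` calls in the branches above it. A line such as `/* create_query() can fail and leave this slot NULL; skip the query for this frame */` above the `if` would keep a later cleanup from removing the check as redundant. The same comment would fit the guards added before `end_query` and `destroy_query` in the first and third hunks. query_new_value begins outside this hunk.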
> --
> 2.4.4
>
> _______________________________________________
> mesa-dev mailing list
> mesa-dev at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/mesa-dev