[Mesa-dev] [Bug 89387] Double delete in lp_bld_misc.cpp

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sun Mar 1 15:12:26 PST 2015


https://bugs.freedesktop.org/show_bug.cgi?id=89387

            Bug ID: 89387
           Summary: Double delete in lp_bld_misc.cpp
           Product: Mesa
           Version: 10.5
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Mesa core
          Assignee: mesa-dev at lists.freedesktop.org
          Reporter: chris at cvine.freeserve.co.uk
        QA Contact: mesa-dev at lists.freedesktop.org

I have been asked in bug #86958 to open a separate bug about the resolution of
the compilation error reported there, where mesa is compiled against llvm>=3.6.

To fix that compilation error, at line 504 of file lp_bld_misc.cpp the
ShaderMemoryManager* object MM is passed to a unique_ptr object, which takes
ownership of MM.  However, in the event of the call to EngineBuilder::create()
at line 523 failing, at line 530 delete is called manually on MM, thus leading
to a possible double delete (since the destructor of the unique_ptr object
having ownership will also attempt to delete MM).

This may beg the question of what
EngineBuilder::setMCJITMemoryManager(ShaderMemoryManager*) does in llvm < 3.6. 
If that method also tries to delete its argument when finished with, you would
get a double delete in the error case (i.e. where EngineBuilder::create() fails)
for earlier versions of llvm also.  However, whatever the answer to that, the
fix for bug 86958 is on the face of it wrong.
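
The ownership problem described in the report above, as an added example that is not part of the original report and is not Mesa or LLVM code. MemoryManager, Builder and CountingDelete are hypothetical stand-ins, and the deleter only counts delete requests, so the demonstration never performs a real double free.

```cpp
#include <cstdio>
#include <memory>
#include <utility>

// Hypothetical stand-ins; none of these are Mesa or LLVM types.
struct MemoryManager { int delete_requests = 0; };

// Counts each "delete" instead of freeing, so the demo never executes real
// undefined behaviour. The object itself lives on the caller's stack.
struct CountingDelete {
    void operator()(MemoryManager *p) const { ++p->delete_requests; }
};
using OwnedMM = std::unique_ptr<MemoryManager, CountingDelete>;

// Models a builder that takes ownership of the memory manager it is given.
struct Builder {
    OwnedMM mm;
    void setMemoryManager(OwnedMM m) { mm = std::move(m); }
    bool create(bool fail) const { return !fail; }
};

// Pattern from the report: ownership is handed over, then the error path
// deletes manually. Returns how many times the object would be deleted.
int delete_count_reported_pattern(bool create_fails) {
    MemoryManager storage;
    MemoryManager *MM = &storage;
    {
        Builder builder;
        builder.setMemoryManager(OwnedMM(MM));
        if (!builder.create(create_fails))
            CountingDelete{}(MM);      // manual "delete MM" on failure
    }                                  // unique_ptr "deletes" MM here as well
    return storage.delete_requests;
}

// Single-owner form: the error path leaves cleanup to the unique_ptr.
int delete_count_single_owner(bool create_fails) {
    MemoryManager storage;
    {
        Builder builder;
        builder.setMemoryManager(OwnedMM(&storage));
        builder.create(create_fails);  // failure needs no manual delete
    }
    return storage.delete_requests;
}

int main() {
    std::printf("reported pattern, create fails: %d deletes\n", delete_count_reported_pattern(true));
    std::printf("single owner, create fails: %d deletes\n", delete_count_single_owner(true));
    return 0;
}
```

A count above one on the failure path is the condition that would be a double delete with a real allocation; AddressSanitizer reports that case as an attempted double-free.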
