[Mesa-dev] [PATCH] egl: return EGL_BAD_ALLOC if _eglConvertAttribsToInt fails
Emil Velikov
emil.l.velikov at gmail.com
Tue May 26 18:20:48 PDT 2015
On 27/05/15 00:12, Marek Olšák wrote:
> On Wed, May 27, 2015 at 3:07 AM, Emil Velikov <emil.l.velikov at gmail.com> wrote:
>> On 26/05/15 21:59, Marek Olšák wrote:
>>> From: Marek Olšák <marek.olsak at amd.com>
>>>
>>> This is a fix for the EGL 1.5 patch series.
>> Can you squash this with the offending patches (12 and 13). Pretty
>> please :-)
>>
>>> ---
>>> src/egl/main/eglapi.c | 25 +++++++++++++++++++------
>>> 1 file changed, 19 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/src/egl/main/eglapi.c b/src/egl/main/eglapi.c
>>> index 7afc091..3df4968 100644
>>> --- a/src/egl/main/eglapi.c
>>> +++ b/src/egl/main/eglapi.c
>>> @@ -263,13 +263,14 @@ _eglConvertAttribsToInt(const EGLAttrib *attr_list)
>>> while (attr_list[size] != EGL_NONE)
>>> size += 2;
>>>
>>> - if (size) {
>>> - size += 1; /* add space for EGL_NONE */
>>> - int_attribs = malloc(size * sizeof(int_attribs[0]));
>>> + size += 1; /* add space for EGL_NONE */
>>>
>>> - for (i = 0; i < size; i++)
>>> - int_attribs[i] = attr_list[i];
>>> - }
>>> + int_attribs = malloc(size * sizeof(int_attribs[0]));
>>> + if (!int_attribs)
>>> + return NULL;
>>> +
>>> + for (i = 0; i < size; i++)
>>> + int_attribs[i] = attr_list[i];
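Review bot: The copy loop at the end of this hunk terminates the output only because `size += 1` has already run, so `for (i = 0; i < size; i++)` copies the caller's EGL_NONE along with the attribute pairs, and the comment "add space for EGL_NONE" does not say that. Suggest making the termination explicit, either by extending the comment to state that the loop also copies the terminator, or by copying the pairs and then writing `int_attribs[size - 1] = EGL_NONE;`. Separately, with the `if (size)` guard removed, an attribute list holding only EGL_NONE now gets a one-element allocation, and the only NULL return visible in this hunk is the malloc failure path, so every caller has to treat NULL as an allocation failure.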
>> Set the final value int_attrib[size] to EGL_NONE ?
>
> EGL_NONE is already set by the user, that's why "size" is always +1.
>
Most likely I'm missing something extremely obvious, so if you can bear
with me that'll be appreciated:
- First we walk through the attr_list, looking for the size (without
the sentinel/terminating EGL_NONE).
- Then we allocate a "size + 1" sized array and copy only the first
"size" elements.
- Thus the final element is garbage as we've used malloc().
- Then we feed the (non-terminated) array into the respective function
and things go... funny.
Thanks
Emil