[Mesa-dev] [PATCH 1/6] cso: Don't restore nr_samplers in cso_restore_fragment_samplers
Michel Dänzer
michel at daenzer.net
Fri Dec 16 09:52:02 UTC 2016
From: Michel Dänzer <michel.daenzer at amd.com>
If info->nr_samplers > ctx->nr_fragment_samplers_saved, the assignment
would prevent cso_single_sampler_done from unbinding the no longer used
samplers from the driver, which could result in use-after-free. This is
probably unlikely to happen in practice though.
Cc: "12.0 13.0" <mesa-stable at lists.freedesktop.org>
Signed-off-by: Michel Dänzer <michel.daenzer at amd.com>
---
src/gallium/auxiliary/cso_cache/cso_context.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/gallium/auxiliary/cso_cache/cso_context.c b/src/gallium/auxiliary/cso_cache/cso_context.c
index 127e0711c2..2ee87f9184 100644
--- a/src/gallium/auxiliary/cso_cache/cso_context.c
+++ b/src/gallium/auxiliary/cso_cache/cso_context.c
@@ -1275,7 +1275,6 @@ cso_restore_fragment_samplers(struct cso_context *ctx)
{
struct sampler_info *info = &ctx->samplers[PIPE_SHADER_FRAGMENT];
- info->nr_samplers = ctx->nr_fragment_samplers_saved;
memcpy(info->samplers, ctx->fragment_samplers_saved,
sizeof(info->samplers));
cso_single_sampler_done(ctx, PIPE_SHADER_FRAGMENT);
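Review bot: With the assignment gone, nothing at the memcpy site in cso_restore_fragment_samplers says that info->nr_samplers is deliberately left at its pre-restore value, so a later cleanup could easily put the line back. A short comment above the memcpy would help. It should say that cso_single_sampler_done needs the old count in order to unbind slots that the restored set no longer uses. In this hunk the removed line was the only reader of ctx->nr_fragment_samplers_saved, so it is also worth checking whether that field still has a user elsewhere in the file. If it does not, the field and the store on the save side can be dropped in the same patch.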
--
2.11.0