[Mesa-dev] [PATCH v2] i965: Check return value of screen->image.loader->getBuffers

Tomasz Figa tfiga at chromium.org
Mon Jun 13 10:56:59 UTC 2016 

Please disregard this one. Forgot to add change log and update the
subject with version suffix. Fixed and resent already. Sorry for the
noise.

On Mon, Jun 13, 2016 at 7:48 PM, Tomasz Figa <tfiga at chromium.org> wrote:
> The images struct is an uninitialized local variable on the stack. If the
> callback returns 0, the struct might not have been updated and so should
> be considered uninitialized. Currently the code ignores the return value,
> which (depending on stack contents) might end up in reading a non-zero
> value from images.image_mask and dereferencing further fields.
>
> Another solution would be to initialize image_mask with 0, but checking
> the return value seems more sensible and it is what Gallium is doing.
>
> Signed-off-by: Tomasz Figa <tfiga at chromium.org>
> ---
>  src/mesa/drivers/dri/i965/brw_context.c | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/src/mesa/drivers/dri/i965/brw_context.c b/src/mesa/drivers/dri/i965/brw_context.c
> index 7bbc128..0861b6e 100644
> --- a/src/mesa/drivers/dri/i965/brw_context.c
> +++ b/src/mesa/drivers/dri/i965/brw_context.c
> @@ -1645,6 +1645,7 @@ intel_update_image_buffers(struct brw_context *brw, __DRIdrawable *drawable)
>     struct __DRIimageList images;
>     unsigned int format;
>     uint32_t buffer_mask = 0;
> +   int ret;
>
>     front_rb = intel_get_renderbuffer(fb, BUFFER_FRONT_LEFT);
>     back_rb = intel_get_renderbuffer(fb, BUFFER_BACK_LEFT);
> @@ -1664,12 +1665,14 @@ intel_update_image_buffers(struct brw_context *brw, __DRIdrawable *drawable)
>     if (back_rb)
>        buffer_mask |= __DRI_IMAGE_BUFFER_BACK;
>
> -   (*screen->image.loader->getBuffers) (drawable,
> -                                        driGLFormatToImageFormat(format),
> -                                        &drawable->dri2.stamp,
> -                                        drawable->loaderPrivate,
> -                                        buffer_mask,
> -                                        &images);
> +   ret = screen->image.loader->getBuffers(drawable,
> +                                          driGLFormatToImageFormat(format),
> +                                          &drawable->dri2.stamp,
> +                                          drawable->loaderPrivate,
> +                                          buffer_mask,
> +                                          &images);
> +   if (!ret)
> +      return;
>
>     if (images.image_mask & __DRI_IMAGE_BUFFER_FRONT) {
>        drawable->w = images.front->width;
> --
> 2.8.0.rc3.226.g39d4020
>

More information about the mesa-dev mailing list