[Mesa-dev] [PATCH] svga: avoid freeing non-malloced memory
Brian Paul
brianp at vmware.com
Fri Mar 25 21:05:44 UTC 2016
On 03/24/2016 04:36 PM, Thomas Hindoe Paaboel Andersen wrote:
> svga_shader_expand will fall back to using non-malloced
> memory for emit.buf if malloc fails. We should check if
> the memory is malloced before freeing it in the error
> path of svga_tgsi_vgpu9_translate.
> ---
> All we need to do is check if emit->buf points to the err_buf.
> I was surprised to see a function to do just that already exists
> but has been commented out ever since the svga driver was added in
> 2009 (3192633d4abe262d413e41feb871fe8deed409d8). So obviously some
> thought had been put into this already but for whatever reason
> it was commented out.
>
> Note that this was found by static analysis and that the patch is
> untested as I do not have the necessary setup to do so.
>
> src/gallium/drivers/svga/svga_tgsi.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/src/gallium/drivers/svga/svga_tgsi.c b/src/gallium/drivers/svga/svga_tgsi.c
> index c62d4d6..e5a8ad2 100644
> --- a/src/gallium/drivers/svga/svga_tgsi.c
> +++ b/src/gallium/drivers/svga/svga_tgsi.c
> @@ -50,14 +50,12 @@
> */
> static char err_buf[128];
>
> -#if 0
> static void
> svga_destroy_shader_emitter(struct svga_shader_emitter *emit)
> {
> if (emit->buf != err_buf)
> FREE(emit->buf);
> }
> -#endif
>
>
> static boolean
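Review bot: svga_destroy_shader_emitter() leaves emit->buf pointing at the released block after FREE(emit->buf), so a second call on the same emitter would free it again. Setting emit->buf = NULL after the FREE would make the re-enabled helper safe to call more than once. The guard also only holds while err_buf is the sole non-heap pointer ever stored in emit->buf, so a short comment on the function saying that the comparison exists for the svga_shader_expand fallback would keep the two in step.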
> @@ -265,6 +263,6 @@ svga_tgsi_vgpu9_translate(struct svga_context *svga,
>
> fail:
> FREE(variant);
> - FREE(emit.buf);
> + svga_destroy_shader_emitter(&emit);
> return NULL;
> }
>
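Review bot: The replacement of FREE(emit.buf) with svga_destroy_shader_emitter(&emit) under the fail label covers only this one exit, and the submission says the change was found by static analysis and is untested. Before merging, check the rest of svga_tgsi.c for any other direct FREE of emit.buf or emit->buf that should go through the helper, and exercise the fail path once with the allocation in svga_shader_expand forced to fail, to confirm that err_buf is no longer passed to FREE.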
Thanks for reporting this. It would be extremely rare for a
shader-sized malloc to fail here, but it's worth fixing.
I'd like to remove svga_destroy_shader_emitter() entirely. I'll post a
patch...
-Brian