[Mesa-dev] [PATCH] svga: avoid freeing non-malloced memory

Brian Paul brianp at vmware.com
Fri Mar 25 21:05:44 UTC 2016


On 03/24/2016 04:36 PM, Thomas Hindoe Paaboel Andersen wrote:
> svga_shader_expand will fall back to using non-malloced
> memory for emit.buf if malloc fails. We should check if
> the memory is malloced before freeing it in the error
> path of svga_tgsi_vgpu9_translate.
> ---
> All we need to do is check if emit->buf points to the err_buf.
> I was surprised to see a function to do just that already exists
> but has been commented out ever since the svga driver was added in
> 2009 (3192633d4abe262d413e41feb871fe8deed409d8). So obviously some
> some thought had been put into this already but for whatever reason
> it was commented out.
>
> Note that this was found by static analysis and that the patch is
> untested as I do not have the neccesary setup to do so.
>
>   src/gallium/drivers/svga/svga_tgsi.c | 4 +---
>   1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/src/gallium/drivers/svga/svga_tgsi.c b/src/gallium/drivers/svga/svga_tgsi.c
> index c62d4d6..e5a8ad2 100644
> --- a/src/gallium/drivers/svga/svga_tgsi.c
> +++ b/src/gallium/drivers/svga/svga_tgsi.c
> @@ -50,14 +50,12 @@
>    */
>   static char err_buf[128];
>
> -#if 0
>   static void
>   svga_destroy_shader_emitter(struct svga_shader_emitter *emit)
>   {
>      if (emit->buf != err_buf)
>         FREE(emit->buf);
>   }
> -#endif
>
>
>   static boolean
> @@ -265,6 +263,6 @@ svga_tgsi_vgpu9_translate(struct svga_context *svga,
>
>    fail:
>      FREE(variant);
> -   FREE(emit.buf);
> +   svga_destroy_shader_emitter(&emit);
>      return NULL;
>   }
>

Thanks for reporting this.  It would be extremely rare for a 
shader-sized malloc to fail here, but it's worth fixing.

I'd like to remove svga_destroy_shader_emitter() entirely.  I'll post a 
patch...

-Brian



More information about the mesa-dev mailing list