[Mesa-dev] Fwd: New Defects reported by Coverity Scan for Mesa
Matt Turner
mattst88 at gmail.com
Wed Nov 16 00:21:27 UTC 2016
Jordan,

In

commit 0041169cacb300a882b4dc38cd341f98bf2a7c38
Author: Jordan Justen <jordan.l.justen at intel.com>
Date: Fri Oct 21 12:56:49 2016 +0100

    i965: Wrap MCS miptree in intel_miptree_aux_buffer

you changed intel_miptree_alloc_mcs() to return mt->mcs_buf != NULL.
mt->mcs_buf is assigned, a few lines higher, the result of
intel_mcs_miptree_buf_create(), which may return NULL. Then, inside
intel_miptree_init_mcs(), mt->mcs_buf is unconditionally dereferenced
multiple times (and even free()d without setting the pointer to NULL
afterwards).
This seems very broken.
________________________________________________________________________________________________________
*** CID 1394290: Null pointer dereferences (REVERSE_INULL)
/src/mesa/drivers/dri/i965/intel_mipmap_tree.c: 1610 in
intel_miptree_alloc_mcs()
1604 mt->logical_width0,
1605 mt->logical_height0,
1606 MIPTREE_LAYOUT_ACCELERATED_UPLOAD);
1607
1608 intel_miptree_init_mcs(brw, mt, 0xFF);
1609
>>> CID 1394290: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "mt->mcs_buf" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1610 return mt->mcs_buf != NULL;
1611 }
1612
1613
1614 bool
1615 intel_miptree_alloc_non_msrt_mcs(struct brw_context *brw,
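
The check-after-use shape that the message and the Coverity report describe, next to the corrected ordering, as a stand-alone added example; it is not code from Mesa or from the original message. All names (`aux_buf`, `tex`, `aux_create`, `alloc_aux_unchecked`, `alloc_aux_checked`, `aux_release`) and the `fail` switch are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the miptree and its MCS aux buffer. */
struct aux_buf { size_t size; unsigned char data[]; };
struct tex { struct aux_buf *aux; };

/* May return NULL, like the buffer-create call described in the message.
 * `fail` simulates an allocation failure (constructed for this example). */
static struct aux_buf *aux_create(size_t size, bool fail)
{
   struct aux_buf *b = fail ? NULL : malloc(sizeof(*b) + size);
   if (b)
      b->size = size;
   return b;
}

/* Reported shape: dereference first, null check last (REVERSE_INULL). */
static bool alloc_aux_unchecked(struct tex *t, size_t size, bool fail)
{
   t->aux = aux_create(size, fail);
   memset(t->aux->data, 0xFF, t->aux->size); /* NULL dereference on failure */
   return t->aux != NULL;                    /* check comes too late */
}

/* Corrected shape: test the pointer before anything dereferences it. */
static bool alloc_aux_checked(struct tex *t, size_t size, bool fail)
{
   t->aux = aux_create(size, fail);
   if (!t->aux)
      return false;
   memset(t->aux->data, 0xFF, t->aux->size);
   return true;
}

/* Free and clear the pointer so no dangling value is left behind. */
static void aux_release(struct tex *t)
{
   free(t->aux);
   t->aux = NULL;
}
```

Because the unchecked version has already dereferenced the pointer, a compiler is entitled to treat the trailing `!= NULL` test as always true, so the function's return value cannot report the failure.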