[Mesa-dev] [PATCH] mesa: remove usage of alloca in externalobjects.c v3
Matt Turner
mattst88 at gmail.com
Wed Feb 7 19:28:10 UTC 2018
On Wed, Jan 31, 2018 at 11:03 AM, Andres Rodriguez <andresx7 at gmail.com> wrote:
> Don't want an overly large numBufferBarriers/numTextureBarriers to blow
> up the stack.
>
> v2: handle malloc errors
> v3: fix patch
>
> Suggested-by: Emil Velikov <emil.velikov at collabora.com>
> Signed-off-by: Andres Rodriguez <andresx7 at gmail.com>
> ---
> src/mesa/main/externalobjects.c | 48 +++++++++++++++++++++++++++++++++++------
> 1 file changed, 42 insertions(+), 6 deletions(-)
>
> diff --git a/src/mesa/main/externalobjects.c b/src/mesa/main/externalobjects.c
> index 463debd268..a28d6dba6f 100644
> --- a/src/mesa/main/externalobjects.c
> +++ b/src/mesa/main/externalobjects.c
> @@ -713,91 +713,127 @@ _mesa_WaitSemaphoreEXT(GLuint semaphore,
> const GLuint *buffers,
> GLuint numTextureBarriers,
> const GLuint *textures,
> const GLenum *srcLayouts)
> {
> GET_CURRENT_CONTEXT(ctx);
> struct gl_semaphore_object *semObj;
> struct gl_buffer_object **bufObjs;
> struct gl_texture_object **texObjs;
>
> + const char *func = "glWaitSemaphoreEXT";
> +
> if (!ctx->Extensions.EXT_semaphore) {
> - _mesa_error(ctx, GL_INVALID_OPERATION, "glWaitSemaphoreEXT(unsupported)");
> + _mesa_error(ctx, GL_INVALID_OPERATION, "%s(unsupported)", func);
> return;
> }
>
> ASSERT_OUTSIDE_BEGIN_END(ctx);
>
> semObj = _mesa_lookup_semaphore_object(ctx, semaphore);
> if (!semObj)
> return;
>
> FLUSH_VERTICES(ctx, 0);
> FLUSH_CURRENT(ctx, 0);
>
> - bufObjs = alloca(sizeof(struct gl_buffer_object **) * numBufferBarriers);
> + bufObjs = malloc(sizeof(struct gl_buffer_object **) * numBufferBarriers);
Coverity is noting that this is subtly wrong:
>>> Passing argument "8UL /* sizeof (struct gl_buffer_object **) */ * numBufferBarriers" to function "malloc" and then casting the return value to "struct gl_buffer_object **" is suspicious. In this particular case "sizeof (struct gl_buffer_object **)" happens to be equal to "sizeof (struct gl_buffer_object *)", but this is not a portable assumption.
800 bufObjs = malloc(sizeof(struct gl_buffer_object **) *
numBufferBarriers);
Same thing applies later in the same file for texObjs.
More information about the mesa-dev
mailing list