[Mesa-dev] [PATCH] svga: Prevent use after free.
Jose Fonseca
jfonseca at vmware.com
Mon Jan 22 21:12:18 UTC 2018
On 22/01/18 15:44, Emil Velikov wrote:
> On 22 January 2018 at 15:13, Jose Fonseca <jfonseca at vmware.com> wrote:
>> Courtesy of clang static analyzer.
>>
>> I was hunting for potential sources of memory corruption using Mesa with
>> a GL trace, and happened to find this (unrelated) issue.
>> ---
>> src/gallium/drivers/svga/svga_context.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/src/gallium/drivers/svga/svga_context.c b/src/gallium/drivers/svga/svga_context.c
>> index 546b9f48b1..af16a99b72 100644
>> --- a/src/gallium/drivers/svga/svga_context.c
>> +++ b/src/gallium/drivers/svga/svga_context.c
>> @@ -327,6 +327,7 @@ cleanup:
>> util_bitmask_destroy(svga->stream_output_id_bm);
>> util_bitmask_destroy(svga->query_id_bm);
>> FREE(svga);
>> + svga = NULL;
>>
>> done:
>> SVGA_STATS_TIME_POP(svgascreen->sws);
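Review bot: The added `svga = NULL;` after `FREE(svga);` reads like a dead store when seen on its own, because nothing in the `cleanup:` block uses the pointer again; it matters only because control falls through into `done:`, where code beyond the end of this hunk still reads `svga`. A one-line comment on the assignment stating that the code after `done:` tests `svga` would keep a later tidy-up from removing it. The commit message would also be more useful if it named the statement that touches the freed pointer instead of only crediting the analyzer.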
>
> Seems like the most important line is just outside of context. Namely:
>
> return svga ? &svga->pipe:NULL;
yep.
> Cc: mesa-stable at lists.freedesktop.org
> Reviewed-by: Emil Velikov <emil.l.velikov at gmail.com>
thanks.
Jose