[Mesa-dev] [MR] anv: fix use after free when copying nir_xfb_info
apinheiro
apinheiro at igalia.com
Wed Mar 13 14:26:25 UTC 2019
https://gitlab.freedesktop.org/mesa/mesa/merge_requests/442
After adding varyings to nir_xfb_info, I added varyings as a pointer,
and replaced outputs[0] for also a pointer, so now both needed to be
allocated. But anv was copying such xfb info as: *xfb_info = *xfb_info_in
So after my changes, that line was assigning the outputs pointer,
instead of copying. Then xfb_info_in was freed, and that included their
outputs, that now are xfb_info outputs too. Unfourtunately, as as with
other use after free crashes, the crash didn't happen always, just with
some configurations. And that included not crashing on Intel CI.
Thanks @jasuarez <https://gitlab.freedesktop.org/jasuarez> for pinging
me with this issue.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/mesa-dev/attachments/20190313/f64166c3/attachment.html>
More information about the mesa-dev
mailing list