<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p><a class="moz-txt-link-freetext" href="https://gitlab.freedesktop.org/mesa/mesa/merge_requests/442">https://gitlab.freedesktop.org/mesa/mesa/merge_requests/442</a></p>
    <div class="wiki">
      <p data-sourcepos="1:1-2:25" dir="auto">After adding varyings to
        nir_xfb_info, I added varyings as a pointer, and replaced
        outputs[0] with a pointer as well, so now both needed to be
        allocated. But anv was copying such xfb info as:
        *xfb_info = *xfb_info_in</p>
      <p data-sourcepos="4:1-4:345" dir="auto">So after my changes, that
        line was assigning the outputs pointer, instead of copying. Then
        xfb_info_in was freed, and that included its outputs, which are
        now xfb_info's outputs too. Unfortunately, as with other
        use-after-free crashes, the crash didn't always happen, just with
        some configurations. And that included not crashing on Intel CI.</p>
      <p data-sourcepos="6:1-6:48" dir="auto">Thanks <a
          href="https://gitlab.freedesktop.org/jasuarez"
          data-user="1085" data-reference-type="user"
          data-container="body" data-placement="bottom" class="gfm
          gfm-project_member" title="Juan Suárez Romero">@jasuarez</a>
        for pinging me with this issue.</p>
    </div>
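    <p>The aliasing described in the merge request, reduced to a small C sketch. This is an added example, not Mesa or anv code: the struct layout and the function names (xfb_info_create, xfb_info_copy_shallow, xfb_info_copy_deep) are hypothetical stand-ins for a struct whose arrays became separately allocated pointers.</p>

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in (not Mesa's real nir_xfb_info). */
struct xfb_output { uint16_t buffer, offset; };
struct xfb_info {
    uint16_t output_count;
    struct xfb_output *outputs;   /* separately allocated, owned here */
};

struct xfb_info *xfb_info_create(uint16_t count)
{
    struct xfb_info *info = calloc(1, sizeof(*info));
    if (!info) return NULL;
    info->outputs = calloc(count ? count : 1, sizeof(*info->outputs));
    if (!info->outputs) { free(info); return NULL; }
    info->output_count = count;
    return info;
}

void xfb_info_destroy(struct xfb_info *info)
{
    if (!info) return;
    free(info->outputs);
    free(info);
}

/* Shallow copy: struct assignment copies the pointer value only, so
 * dst->outputs aliases src->outputs and dangles once src is destroyed. */
void xfb_info_copy_shallow(struct xfb_info *dst, const struct xfb_info *src)
{
    *dst = *src;
}

/* Deep copy: dst gets its own outputs array. Returns 0 on success. */
int xfb_info_copy_deep(struct xfb_info *dst, const struct xfb_info *src)
{
    size_t n = src->output_count;
    struct xfb_output *copy = calloc(n ? n : 1, sizeof(*copy));
    if (!copy) return -1;
    if (n) memcpy(copy, src->outputs, n * sizeof(*copy));
    *dst = *src;            /* scalar fields */
    dst->outputs = copy;    /* replace the aliased pointer */
    return 0;
}
```

    <p>Building the shallow variant with AddressSanitizer (<code>-fsanitize=address</code>) makes the stale access fail on every run rather than only on some configurations.</p>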
  </body>
</html>