[virglrenderer-devel] [PATCH virglrenderer] shader: avoid use after free
Marc-André Lureau
marcandre.lureau at gmail.com
Tue Mar 29 21:41:48 UTC 2016
ping
On Fri, Mar 18, 2016 at 11:18 PM, <marcandre.lureau at redhat.com> wrote:
> From: Marc-André Lureau <marcandre.lureau at redhat.com>
>
> If the shader failed to be finished, it should be removed from the
> hashtable if it was already inserted. Use the goto error path in this
> case to handle shader destroy and prevent potential later lookup of
> invalid shader from the hashtable.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
> ---
> src/vrend_renderer.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
> index d652da5..1249193 100644
> --- a/src/vrend_renderer.c
> +++ b/src/vrend_renderer.c
> @@ -2147,7 +2147,6 @@ static int vrend_finish_shader(struct vrend_context *ctx,
>
> r = vrend_shader_select(ctx, sel, NULL);
> if (r) {
> - vrend_destroy_shader_selector(sel);
> return EINVAL;
> }
> return 0;
> @@ -2247,9 +2246,11 @@ int vrend_create_shader(struct vrend_context *ctx,
> goto error;
> }
>
> - if (vrend_finish_shader(ctx, sel, tokens))
> - new_shader = false;
> - else {
> + if (vrend_finish_shader(ctx, sel, tokens)) {
> + free(tokens);
> + ret = EINVAL;
> + goto error;
> + } else {
> free(sel->tmp_buf);
> sel->tmp_buf = NULL;
> }
> --
> 2.5.0
>
--
Marc-André Lureau
More information about the virglrenderer-devel
mailing list