[virglrenderer-devel] [PATCH] vrend: fix memory leak in vrend_decode_create_ve

Li Qiang liq3ea at gmail.com
Sat Feb 25 11:03:29 UTC 2017


From: Li Qiang <liq3ea at gmail.com>

Free vertex element in error path.
This was introduced by this commit:
vrend: add sanity check for vertext buffer index.

Reported-by: Matthias Gerstner <mgerstner at suse.de>
Signed-off-by: Li Qiang <liq3ea at gmail.com>
---
 src/vrend_decode.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/vrend_decode.c b/src/vrend_decode.c
index 11ac1ed..e429369 100644
--- a/src/vrend_decode.c
+++ b/src/vrend_decode.c
@@ -613,8 +613,10 @@ static int vrend_decode_create_ve(struct vrend_decode_ctx *ctx, uint32_t handle,
          ve[i].instance_divisor = get_buf_entry(ctx, VIRGL_OBJ_VERTEX_ELEMENTS_V0_INSTANCE_DIVISOR(i));
          ve[i].vertex_buffer_index = get_buf_entry(ctx, VIRGL_OBJ_VERTEX_ELEMENTS_V0_VERTEX_BUFFER_INDEX(i));
 
-         if (ve[i].vertex_buffer_index >= PIPE_MAX_ATTRIBS)
+         if (ve[i].vertex_buffer_index >= PIPE_MAX_ATTRIBS) {
+            FREE(ve);
             return EINVAL;
+         }
 
          ve[i].src_format = get_buf_entry(ctx, VIRGL_OBJ_VERTEX_ELEMENTS_V0_SRC_FORMAT(i));
       }
-- 
2.7.4



More information about the virglrenderer-devel mailing list