xf86-video-intel: 2 commits - src/sna/gen2_render.c src/sna/kgem.c
Chris Wilson
ickle at kemper.freedesktop.org
Sat Nov 10 09:00:01 PST 2012
src/sna/gen2_render.c | 4 ++++
src/sna/kgem.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
New commits:
commit 94dd0b9ee9f55e7c09b8c0ee18939fa69ce66da2
Author: Chris Wilson <chris at chris-wilson.co.uk>
Date: Sat Nov 10 16:52:09 2012 +0000
sna/gen2: Fix use of uninitialised redirection
==29553== Invalid read of size 4
==29553== at 0x4980E1B: _list_del (intel_list.h:218)
==29553== by 0x4980EB3: list_del (intel_list.h:240)
==29553== by 0x4981F53: free_list (sna_damage.c:403)
==29553== by 0x4985139: __sna_damage_destroy (sna_damage.c:1467)
==29553== by 0x49A527E: sna_render_composite_redirect_done (sna_render.c:1921)
==29553== by 0x49C6904: gen2_render_composite_done (gen2_render.c:1136)
==29553== by 0x497F917: sna_composite (sna_composite.c:567)
==29553== by 0x8150C41: ??? (in /usr/bin/Xorg)
==29553== by 0x8142F13: CompositePicture (in /usr/bin/Xorg)
==29553== by 0x8145F58: ??? (in /usr/bin/Xorg)
==29553== by 0x81436F2: ??? (in /usr/bin/Xorg)
==29553== by 0x807965C: ??? (in /usr/bin/Xorg)
==29553== Address 0x9407e188 is not stack'd, malloc'd or (recently) free'd
Reported-by: bonbons67 at internet.lu
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=56785
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
diff --git a/src/sna/gen2_render.c b/src/sna/gen2_render.c
index 6e51c18..9663dff 100644
--- a/src/sna/gen2_render.c
+++ b/src/sna/gen2_render.c
@@ -1803,6 +1803,8 @@ gen2_render_composite(struct sna *sna,
}
tmp->op = op;
+
+ sna_render_composite_redirect_init(tmp);
if (too_large(tmp->dst.width, tmp->dst.height) ||
tmp->dst.bo->pitch > MAX_3D_PITCH) {
if (!sna_render_composite_redirect(sna, tmp,
@@ -2298,6 +2300,8 @@ gen2_render_composite_spans(struct sna *sna,
}
tmp->base.op = op;
+
+ sna_render_composite_redirect_init(&tmp->base);
if (too_large(tmp->base.dst.width, tmp->base.dst.height) ||
tmp->base.dst.bo->pitch > MAX_3D_PITCH) {
if (!sna_render_composite_redirect(sna, &tmp->base,
commit 0f1c30818c9d782b066147448bbcc9ac95ac834f
Author: Chris Wilson <chris at chris-wilson.co.uk>
Date: Sat Nov 10 16:52:09 2012 +0000
sna: Fix use of uninitialised value in DBG
==29553== Use of uninitialised value of size 4
==29553== at 0x4230964: _itoa_word (_itoa.c:195)
==29553== by 0x4233F7F: vfprintf (vfprintf.c:1602)
==29553== by 0x42FAFAD: __vsnprintf_chk (vsnprintf_chk.c:65)
==29553== by 0x81DBE8E: Xvscnprintf (in /usr/bin/Xorg)
==29553== by 0x81DC8FB: LogVMessageVerb (in /usr/bin/Xorg)
==29553== by 0x81DCA62: LogVWrite (in /usr/bin/Xorg)
==29553== by 0x81DCA9B: VErrorF (in /usr/bin/Xorg)
==29553== by 0x81DC333: ErrorF (in /usr/bin/Xorg)
==29553== by 0x49434F0: kgem_create_buffer (kgem.c:4887)
==29553== by 0x4943B09: kgem_create_buffer_2d (kgem.c:4969)
==29553== by 0x4943E19: kgem_upload_source_image (kgem.c:5021)
==29553== by 0x49A0567: upload (sna_render.c:505)
==29553==
Reported-by: bonbons67 at internet.lu
References: https://bugs.freedesktop.org/show_bug.cgi?id=56785
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
diff --git a/src/sna/kgem.c b/src/sna/kgem.c
index 28e69c3..4fb8a6f 100644
--- a/src/sna/kgem.c
+++ b/src/sna/kgem.c
@@ -4885,7 +4885,7 @@ struct kgem_bo *kgem_create_buffer(struct kgem *kgem,
}
DBG(("%s: created handle=%d for buffer\n",
- __FUNCTION__, bo->base.handle));
+ __FUNCTION__, handle));
__kgem_bo_init(&bo->base, handle, alloc);
debug_alloc(kgem, alloc * PAGE_SIZE);
More information about the xorg-commit
mailing list