summaryrefslogtreecommitdiffstats
path: root/src/gallium/drivers/r600
diff options
context:
space:
mode:
authorJan Vesely <[email protected]>2014-06-23 10:39:00 -0400
committerTom Stellard <[email protected]>2014-06-24 12:04:54 -0400
commit0c181cdc6c0efdd98927b010239e0376399cecbf (patch)
treefdb615c44a22dec1da84fed848a11e0fcb2b88b2 /src/gallium/drivers/r600
parenta59f2bb17bcc78e09653391748549e7973990798 (diff)
r600: Fix use after free in compute_memory_promote_item.
The dst pointer needs to be initialized after any calls to compute_memory_grow_pool, as the function might change the pool->vbo pointer. This fixes crashes and assertion failures in two gegl tests. Reviewed-by: Bruno JimĂ©nez <[email protected]> Signed-off-by: Jan Vesely <[email protected]>
Diffstat (limited to 'src/gallium/drivers/r600')
-rw-r--r--src/gallium/drivers/r600/compute_memory_pool.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/gallium/drivers/r600/compute_memory_pool.c b/src/gallium/drivers/r600/compute_memory_pool.c
index 518ea654e40..691c9383f15 100644
--- a/src/gallium/drivers/r600/compute_memory_pool.c
+++ b/src/gallium/drivers/r600/compute_memory_pool.c
@@ -308,8 +308,8 @@ int compute_memory_promote_item(struct compute_memory_pool *pool,
{
struct pipe_screen *screen = (struct pipe_screen *)pool->screen;
struct r600_context *rctx = (struct r600_context *)pipe;
- struct pipe_resource *dst = (struct pipe_resource *)pool->bo;
struct pipe_resource *src = (struct pipe_resource *)item->real_buffer;
+ struct pipe_resource *dst = NULL;
struct pipe_box box;
struct list_head *pos;
@@ -336,6 +336,7 @@ int compute_memory_promote_item(struct compute_memory_pool *pool,
if (err == -1)
return -1;
}
+ dst = (struct pipe_resource *)pool->bo;
COMPUTE_DBG(pool->screen, " + Found space for Item %p id = %u "
"start_in_dw = %u (%u bytes) size_in_dw = %u (%u bytes)\n",
item, item->id, start_in_dw, start_in_dw * 4,