diff options
| author | Tomasz Figa <tfiga@chromium.org> | 2016-06-13 19:53:21 +0900 |
|---|---|---|
| committer | Emil Velikov <emil.l.velikov@gmail.com> | 2016-06-15 09:29:14 +0100 |
| commit | 966ee945580da266d52ec5cf53f7c4646dbf97d6 (patch) | |
| tree | 548607ab8aaf03f1fd9a839b29a69ae8dfe22bf9 | |
| parent | 8ed5204182e265ec671f24d5b15c2ef224b5a17a (diff) | |
| download | mesa-966ee945580da266d52ec5cf53f7c4646dbf97d6.tar.gz | |
i965: Check return value of screen->image.loader->getBuffers (v2)
The images struct is an uninitialized local variable on the stack. If the
callback returns 0, the struct might not have been updated and so should
be considered uninitialized. Currently the code ignores the return value,
which (depending on stack contents) might end up in reading a non-zero
value from images.image_mask and dereferencing further fields.
Another solution would be to initialize image_mask with 0, but checking
the return value seems more sensible and it is what Gallium is doing.
v2: fix typos in commit message,
fix indentation,
remove unnecessary parentheses and pointer dereference to keep line
length reasonable.
Cc: 11.2 12.0 <mesa-stable@lists.freedesktop.org>
Signed-off-by: Tomasz Figa <tfiga@chromium.org>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
(cherry picked from commit e7ab358e8186dd8651cf920d4db1500c60ccd2fc)
| -rw-r--r-- | src/mesa/drivers/dri/i965/brw_context.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/mesa/drivers/dri/i965/brw_context.c b/src/mesa/drivers/dri/i965/brw_context.c index 0f154148d96..7fde26f46f5 100644 --- a/src/mesa/drivers/dri/i965/brw_context.c +++ b/src/mesa/drivers/dri/i965/brw_context.c @@ -1646,6 +1646,7 @@ intel_update_image_buffers(struct brw_context *brw, __DRIdrawable *drawable) struct __DRIimageList images; unsigned int format; uint32_t buffer_mask = 0; + int ret; front_rb = intel_get_renderbuffer(fb, BUFFER_FRONT_LEFT); back_rb = intel_get_renderbuffer(fb, BUFFER_BACK_LEFT); @@ -1665,12 +1666,14 @@ intel_update_image_buffers(struct brw_context *brw, __DRIdrawable *drawable) if (back_rb) buffer_mask |= __DRI_IMAGE_BUFFER_BACK; - (*screen->image.loader->getBuffers) (drawable, - driGLFormatToImageFormat(format), - &drawable->dri2.stamp, - drawable->loaderPrivate, - buffer_mask, - &images); + ret = screen->image.loader->getBuffers(drawable, + driGLFormatToImageFormat(format), + &drawable->dri2.stamp, + drawable->loaderPrivate, + buffer_mask, + &images); + if (!ret) + return; if (images.image_mask & __DRI_IMAGE_BUFFER_FRONT) { drawable->w = images.front->width; |