  1. Mar 29, 2017
  2. Mar 27, 2017
  3. Mar 23, 2017
  4. Mar 21, 2017
    • freedreno: fix potential use-after-free on a5xx+ · 2b7453f4
      Rob Clark authored
      
      Something that valgrind spotted:
      
      ==8441== Invalid read of size 4
      ==8441==    at 0x5DEE168: msm_ringbuffer_emit_reloc (msm_ringbuffer.c:506)
      ==8441==    by 0x5B48F0F: OUT_RELOCW (freedreno_util.h:241)
      ==8441==    by 0x5B48F0F: fd5_emit_blit (fd5_emit.h:131)
      ==8441==    by 0x5B48F0F: emit_gmem2mem_surf.isra.12 (fd5_gmem.c:450)
      ==8441==    by 0x5B4910F: fd5_emit_tile_gmem2mem (fd5_gmem.c:477)
      ==8441==    by 0x5B14943: render_tiles (freedreno_gmem.c:342)
      ==8441==    by 0x5B14943: fd_gmem_render_tiles (freedreno_gmem.c:416)
      ==8441==    by 0x5B0FBA7: batch_flush (freedreno_batch.c:281)
      ==8441==    by 0x5B0FBA7: fd_batch_flush (freedreno_batch.c:306)
      ==8441==    by 0x5B11FE7: fd_context_flush (freedreno_context.c:52)
      ==8441==    by 0x58AD783: st_glFlush (st_cb_flush.c:121)
      ==8441==    by 0x5751EE7: _mesa_make_current (context.c:1652)
      ==8441==    by 0x58E6A97: st_api_make_current (st_manager.c:811)
      ==8441==    by 0x5A2CE43: dri_unbind_context (dri_context.c:207)
      ==8441==    by 0x5A2C77F: driUnbindContext (dri_util.c:589)
      ==8441==    by 0x4AC8A67: MakeContextCurrent (glxcurrent.c:214)
      ==8441==  Address 0x6f5eb1c is 204 bytes inside a block of size 240 free'd
      ==8441==    at 0x4868F44: realloc (vg_replace_malloc.c:785)
      ==8441==    by 0x5DEE143: msm_ringbuffer_emit_reloc (msm_ringbuffer.c:502)
      ==8441==    by 0x5B48F0F: OUT_RELOCW (freedreno_util.h:241)
      ==8441==    by 0x5B48F0F: fd5_emit_blit (fd5_emit.h:131)
      ==8441==    by 0x5B48F0F: emit_gmem2mem_surf.isra.12 (fd5_gmem.c:450)
      ==8441==    by 0x5B4910F: fd5_emit_tile_gmem2mem (fd5_gmem.c:477)
      ==8441==    by 0x5B14943: render_tiles (freedreno_gmem.c:342)
      ==8441==    by 0x5B14943: fd_gmem_render_tiles (freedreno_gmem.c:416)
      ==8441==    by 0x5B0FBA7: batch_flush (freedreno_batch.c:281)
      ==8441==    by 0x5B0FBA7: fd_batch_flush (freedreno_batch.c:306)
      ==8441==    by 0x5B11FE7: fd_context_flush (freedreno_context.c:52)
      ==8441==    by 0x58AD783: st_glFlush (st_cb_flush.c:121)
      ==8441==    by 0x5751EE7: _mesa_make_current (context.c:1652)
      ==8441==    by 0x58E6A97: st_api_make_current (st_manager.c:811)
      ==8441==    by 0x5A2CE43: dri_unbind_context (dri_context.c:207)
      ==8441==    by 0x5A2C77F: driUnbindContext (dri_util.c:589)
      ==8441==  Block was alloc'd at
      ==8441==    at 0x4868F44: realloc (vg_replace_malloc.c:785)
      ==8441==    by 0x5DEE08B: msm_ringbuffer_emit_reloc (msm_ringbuffer.c:481)
      ==8441==    by 0x5B48F0F: OUT_RELOCW (freedreno_util.h:241)
      ==8441==    by 0x5B48F0F: fd5_emit_blit (fd5_emit.h:131)
      ==8441==    by 0x5B48F0F: emit_gmem2mem_surf.isra.12 (fd5_gmem.c:450)
      ==8441==    by 0x5B4909F: fd5_emit_tile_gmem2mem (fd5_gmem.c:465)
      ==8441==    by 0x5B14943: render_tiles (freedreno_gmem.c:342)
      ==8441==    by 0x5B14943: fd_gmem_render_tiles (freedreno_gmem.c:416)
      ==8441==    by 0x5B0FBA7: batch_flush (freedreno_batch.c:281)
      ==8441==    by 0x5B0FBA7: fd_batch_flush (freedreno_batch.c:306)
      ==8441==    by 0x5B11FE7: fd_context_flush (freedreno_context.c:52)
      ==8441==    by 0x58AD783: st_glFlush (st_cb_flush.c:121)
      ==8441==    by 0x5751EE7: _mesa_make_current (context.c:1652)
      ==8441==    by 0x58E6A97: st_api_make_current (st_manager.c:811)
      ==8441==    by 0x5A2CE43: dri_unbind_context (dri_context.c:207)
      ==8441==    by 0x5A2C77F: driUnbindContext (dri_util.c:589)
      
      Signed-off-by: Rob Clark <robclark@freedesktop.org>
  5. Mar 08, 2017
  6. Feb 28, 2017
  7. Feb 14, 2017
  8. Feb 11, 2017
  9. Feb 02, 2017
  10. Feb 01, 2017
  11. Jan 28, 2017
  12. Jan 27, 2017