Skip to content
Snippets Groups Projects
  1. Apr 04, 2017
  2. Apr 03, 2017
  3. Apr 01, 2017
  4. Mar 29, 2017
  5. Mar 27, 2017
  6. Mar 23, 2017
  7. Mar 21, 2017
    • Rob Clark's avatar
      freedreno: fix potential use-after-free on a5xx+ · 2b7453f4
      Rob Clark authored
      
      Something that valgrind spotted:
      
      ==8441== Invalid read of size 4
      ==8441==    at 0x5DEE168: msm_ringbuffer_emit_reloc (msm_ringbuffer.c:506)
      ==8441==    by 0x5B48F0F: OUT_RELOCW (freedreno_util.h:241)
      ==8441==    by 0x5B48F0F: fd5_emit_blit (fd5_emit.h:131)
      ==8441==    by 0x5B48F0F: emit_gmem2mem_surf.isra.12 (fd5_gmem.c:450)
      ==8441==    by 0x5B4910F: fd5_emit_tile_gmem2mem (fd5_gmem.c:477)
      ==8441==    by 0x5B14943: render_tiles (freedreno_gmem.c:342)
      ==8441==    by 0x5B14943: fd_gmem_render_tiles (freedreno_gmem.c:416)
      ==8441==    by 0x5B0FBA7: batch_flush (freedreno_batch.c:281)
      ==8441==    by 0x5B0FBA7: fd_batch_flush (freedreno_batch.c:306)
      ==8441==    by 0x5B11FE7: fd_context_flush (freedreno_context.c:52)
      ==8441==    by 0x58AD783: st_glFlush (st_cb_flush.c:121)
      ==8441==    by 0x5751EE7: _mesa_make_current (context.c:1652)
      ==8441==    by 0x58E6A97: st_api_make_current (st_manager.c:811)
      ==8441==    by 0x5A2CE43: dri_unbind_context (dri_context.c:207)
      ==8441==    by 0x5A2C77F: driUnbindContext (dri_util.c:589)
      ==8441==    by 0x4AC8A67: MakeContextCurrent (glxcurrent.c:214)
      ==8441==  Address 0x6f5eb1c is 204 bytes inside a block of size 240 free'd
      ==8441==    at 0x4868F44: realloc (vg_replace_malloc.c:785)
      ==8441==    by 0x5DEE143: msm_ringbuffer_emit_reloc (msm_ringbuffer.c:502)
      ==8441==    by 0x5B48F0F: OUT_RELOCW (freedreno_util.h:241)
      ==8441==    by 0x5B48F0F: fd5_emit_blit (fd5_emit.h:131)
      ==8441==    by 0x5B48F0F: emit_gmem2mem_surf.isra.12 (fd5_gmem.c:450)
      ==8441==    by 0x5B4910F: fd5_emit_tile_gmem2mem (fd5_gmem.c:477)
      ==8441==    by 0x5B14943: render_tiles (freedreno_gmem.c:342)
      ==8441==    by 0x5B14943: fd_gmem_render_tiles (freedreno_gmem.c:416)
      ==8441==    by 0x5B0FBA7: batch_flush (freedreno_batch.c:281)
      ==8441==    by 0x5B0FBA7: fd_batch_flush (freedreno_batch.c:306)
      ==8441==    by 0x5B11FE7: fd_context_flush (freedreno_context.c:52)
      ==8441==    by 0x58AD783: st_glFlush (st_cb_flush.c:121)
      ==8441==    by 0x5751EE7: _mesa_make_current (context.c:1652)
      ==8441==    by 0x58E6A97: st_api_make_current (st_manager.c:811)
      ==8441==    by 0x5A2CE43: dri_unbind_context (dri_context.c:207)
      ==8441==    by 0x5A2C77F: driUnbindContext (dri_util.c:589)
      ==8441==  Block was alloc'd at
      ==8441==    at 0x4868F44: realloc (vg_replace_malloc.c:785)
      ==8441==    by 0x5DEE08B: msm_ringbuffer_emit_reloc (msm_ringbuffer.c:481)
      ==8441==    by 0x5B48F0F: OUT_RELOCW (freedreno_util.h:241)
      ==8441==    by 0x5B48F0F: fd5_emit_blit (fd5_emit.h:131)
      ==8441==    by 0x5B48F0F: emit_gmem2mem_surf.isra.12 (fd5_gmem.c:450)
      ==8441==    by 0x5B4909F: fd5_emit_tile_gmem2mem (fd5_gmem.c:465)
      ==8441==    by 0x5B14943: render_tiles (freedreno_gmem.c:342)
      ==8441==    by 0x5B14943: fd_gmem_render_tiles (freedreno_gmem.c:416)
      ==8441==    by 0x5B0FBA7: batch_flush (freedreno_batch.c:281)
      ==8441==    by 0x5B0FBA7: fd_batch_flush (freedreno_batch.c:306)
      ==8441==    by 0x5B11FE7: fd_context_flush (freedreno_context.c:52)
      ==8441==    by 0x58AD783: st_glFlush (st_cb_flush.c:121)
      ==8441==    by 0x5751EE7: _mesa_make_current (context.c:1652)
      ==8441==    by 0x58E6A97: st_api_make_current (st_manager.c:811)
      ==8441==    by 0x5A2CE43: dri_unbind_context (dri_context.c:207)
      ==8441==    by 0x5A2C77F: driUnbindContext (dri_util.c:589)
      
      Signed-off-by: default avatarRob Clark <robclark@freedesktop.org>
      2b7453f4
  8. Mar 08, 2017
  9. Feb 28, 2017
  10. Feb 14, 2017
  11. Feb 11, 2017
  12. Feb 02, 2017
Loading