The NULL check on "*value" is currently done in _eglGetSyncAttrib, which runs after eglGetSyncAttribKHR has already copied the data at 'value' into 'attrib'. A segfault is inevitable if value == NULL in this case. Therefore, the NULL check should be moved to the beginning of eglGetSyncAttribKHR to avoid any possible segfaults.
Signed-off-by: Dongwon Kim <dongwon....@intel.com>
---
 src/egl/main/eglapi.c | 10 ++++++++--
 src/egl/main/eglsync.c | 3 ---
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/egl/main/eglapi.c b/src/egl/main/eglapi.c
index 323634e..32f6823 100644
--- a/src/egl/main/eglapi.c
+++ b/src/egl/main/eglapi.c
@@ -1555,8 +1555,14 @@ eglGetSyncAttrib(EGLDisplay dpy, EGLSync sync, EGLint attribute, EGLAttrib *valu
 static EGLBoolean EGLAPIENTRY
 eglGetSyncAttribKHR(EGLDisplay dpy, EGLSync sync, EGLint attribute, EGLint *value)
 {
- EGLAttrib attrib = *value;
- EGLBoolean result = eglGetSyncAttrib(dpy, sync, attribute, &attrib);
+ EGLAttrib attrib;
+ EGLBoolean result;
+
+ if (!value)
+ RETURN_EGL_ERROR(NULL, EGL_BAD_PARAMETER, EGL_FALSE);
+
+ attrib = *value;
+ result = eglGetSyncAttrib(dpy, sync, attribute, &attrib);
 
 /* The EGL_KHR_fence_sync spec says this about eglGetSyncAttribKHR:
 *
diff --git a/src/egl/main/eglsync.c b/src/egl/main/eglsync.c
index 3019e6e..999cb48 100644
--- a/src/egl/main/eglsync.c
+++ b/src/egl/main/eglsync.c
@@ -144,9 +144,6 @@ EGLBoolean
 _eglGetSyncAttrib(_EGLDriver *drv, _EGLDisplay *dpy, _EGLSync *sync,
 EGLint attribute, EGLAttrib *value)
 {
- if (!value)
- return _eglError(EGL_BAD_PARAMETER, "eglGetSyncAttribKHR");
-
 switch (attribute) {
 case EGL_SYNC_TYPE_KHR:
 *value = sync->Type;
--
1.9.1
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev
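Review bot: The guard removed in the eglsync.c hunk was the only NULL check on the shared `_eglGetSyncAttrib` path, while the new `if (!value)` in eglGetSyncAttribKHR protects only the KHR entry point, so the EGL 1.5 `eglGetSyncAttrib` (named only in the hunk's function context, its body outside this diff) now appears to reach `*value = sync->Type` with an unchecked pointer unless it validates `value` somewhere not shown here. Either keep the check in `_eglGetSyncAttrib` alongside the new one, or add the same guard at the top of `eglGetSyncAttrib` so both public entry points fail with EGL_BAD_PARAMETER instead of crashing the process on a NULL argument. Passing `NULL` as the display to RETURN_EGL_ERROR looks intentional because no display has been locked at that point; a short comment such as `/* checked before the display is locked, so nothing to unlock */` above the guard would make that explicit. The body of eglGetSyncAttribKHR continues past the end of this hunk.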