svga_shader_expand will fall back to using non-malloced
memory for emit.buf if malloc fails. We should check if
the memory is malloced before freeing it in the error
path of svga_tgsi_vgpu9_translate.
---
All we need to do is check if emit->buf points to the err_buf.
I was surprised to see a function to do just that already exists
but has been commented out ever since the svga driver was added in
2009 (3192633d4abe262d413e41feb871fe8deed409d8). So obviously some
some thought had been put into this already but for whatever reason
it was commented out.
Note that this was found by static analysis and that the patch is
untested as I do not have the neccesary setup to do so.
src/gallium/drivers/svga/svga_tgsi.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/gallium/drivers/svga/svga_tgsi.c
b/src/gallium/drivers/svga/svga_tgsi.c
index c62d4d6..e5a8ad2 100644
--- a/src/gallium/drivers/svga/svga_tgsi.c
+++ b/src/gallium/drivers/svga/svga_tgsi.c
@@ -50,14 +50,12 @@
*/
static char err_buf[128];
-#if 0
static void
svga_destroy_shader_emitter(struct svga_shader_emitter *emit)
{
if (emit->buf != err_buf)
FREE(emit->buf);
}
-#endif
static boolean
@@ -265,6 +263,6 @@ svga_tgsi_vgpu9_translate(struct svga_context *svga,
fail:
FREE(variant);
- FREE(emit.buf);
+ svga_destroy_shader_emitter(&emit);
return NULL;
}
--
2.5.5
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/mesa-dev
