Fix potential issues if state-tracker passes in garbage in templ->next ptr.
See: https://lists.freedesktop.org/archives/mesa-dev/2016-September/129867.html Signed-off-by: Rob Clark <robdcl...@gmail.com> --- src/gallium/drivers/freedreno/freedreno_resource.c | 2 ++ src/gallium/drivers/i915/i915_resource_buffer.c | 1 + src/gallium/drivers/i915/i915_resource_texture.c | 2 ++ src/gallium/drivers/ilo/ilo_resource.c | 2 ++ src/gallium/drivers/llvmpipe/lp_texture.c | 2 ++ src/gallium/drivers/noop/noop_pipe.c | 1 + src/gallium/drivers/nouveau/nouveau_buffer.c | 1 + src/gallium/drivers/nouveau/nv30/nv30_miptree.c | 2 ++ src/gallium/drivers/nouveau/nv50/nv50_miptree.c | 2 ++ src/gallium/drivers/nouveau/nvc0/nvc0_miptree.c | 1 + src/gallium/drivers/r300/r300_screen_buffer.c | 1 + src/gallium/drivers/r600/evergreen_compute.c | 1 + src/gallium/drivers/rbug/rbug_objects.c | 1 + src/gallium/drivers/softpipe/sp_texture.c | 2 ++ src/gallium/drivers/svga/svga_resource_buffer.c | 1 + src/gallium/drivers/svga/svga_resource_texture.c | 2 ++ src/gallium/drivers/swr/swr_screen.cpp | 1 + src/gallium/drivers/trace/tr_texture.c | 1 + src/gallium/drivers/vc4/vc4_resource.c | 1 + src/gallium/drivers/virgl/virgl_buffer.c | 1 + src/gallium/drivers/virgl/virgl_texture.c | 2 ++ 21 files changed, 30 insertions(+) diff --git a/src/gallium/drivers/freedreno/freedreno_resource.c b/src/gallium/drivers/freedreno/freedreno_resource.c index 1874271..2f37fae 100644 --- a/src/gallium/drivers/freedreno/freedreno_resource.c +++ b/src/gallium/drivers/freedreno/freedreno_resource.c @@ -795,6 +795,7 @@ fd_resource_create(struct pipe_screen *pscreen, return NULL; *prsc = *tmpl; + prsc->next = NULL; pipe_reference_init(&prsc->reference, 1); @@ -891,6 +892,7 @@ fd_resource_from_handle(struct pipe_screen *pscreen, return NULL; *prsc = *tmpl; + prsc->next = NULL; pipe_reference_init(&prsc->reference, 1); diff --git a/src/gallium/drivers/i915/i915_resource_buffer.c b/src/gallium/drivers/i915/i915_resource_buffer.c index 2572fc4..038b1bb 100644 --- a/src/gallium/drivers/i915/i915_resource_buffer.c +++ b/src/gallium/drivers/i915/i915_resource_buffer.c @@ -125,6 +125,7 @@ i915_buffer_create(struct pipe_screen *screen, return NULL; buf->b.b = *template; + buf->b.b.next = NULL; buf->b.vtbl = &i915_buffer_vtbl; pipe_reference_init(&buf->b.b.reference, 1); buf->b.b.screen = screen; diff --git a/src/gallium/drivers/i915/i915_resource_texture.c b/src/gallium/drivers/i915/i915_resource_texture.c index 4ade04f..a5e2f50 100644 --- a/src/gallium/drivers/i915/i915_resource_texture.c +++ b/src/gallium/drivers/i915/i915_resource_texture.c @@ -930,6 +930,7 @@ i915_texture_create(struct pipe_screen *screen, return NULL; tex->b.b = *template; + tex->b.b.next = NULL; tex->b.vtbl = &i915_texture_vtbl; pipe_reference_init(&tex->b.b.reference, 1); tex->b.b.screen = screen; @@ -1003,6 +1004,7 @@ i915_texture_from_handle(struct pipe_screen * screen, return NULL; tex->b.b = *template; + tex->b.b.next = NULL; tex->b.vtbl = &i915_texture_vtbl; pipe_reference_init(&tex->b.b.reference, 1); tex->b.b.screen = screen; diff --git a/src/gallium/drivers/ilo/ilo_resource.c b/src/gallium/drivers/ilo/ilo_resource.c index 5ca7e1b..fb294fb 100644 --- a/src/gallium/drivers/ilo/ilo_resource.c +++ b/src/gallium/drivers/ilo/ilo_resource.c @@ -555,6 +555,7 @@ tex_create(struct pipe_screen *screen, return NULL; tex->base = *templ; + tex->base.next = NULL; tex->base.screen = screen; pipe_reference_init(&tex->base.reference, 1); @@ -629,6 +630,7 @@ buf_create(struct pipe_screen *screen, const struct pipe_resource *templ) return NULL; buf->base = *templ; + buf->base.next = NULL; buf->base.screen = screen; pipe_reference_init(&buf->base.reference, 1); diff --git a/src/gallium/drivers/llvmpipe/lp_texture.c b/src/gallium/drivers/llvmpipe/lp_texture.c index 733253b..49d9c2f 100644 --- a/src/gallium/drivers/llvmpipe/lp_texture.c +++ b/src/gallium/drivers/llvmpipe/lp_texture.c @@ -247,6 +247,7 @@ llvmpipe_resource_create_front(struct pipe_screen *_screen, return NULL; lpr->base = *templat; + lpr->base.next = NULL; pipe_reference_init(&lpr->base.reference, 1); lpr->base.screen = &screen->base; @@ -448,6 +449,7 @@ llvmpipe_resource_from_handle(struct pipe_screen *screen, } lpr->base = *template; + lpr->base.next = NULL; pipe_reference_init(&lpr->base.reference, 1); lpr->base.screen = screen; diff --git a/src/gallium/drivers/noop/noop_pipe.c b/src/gallium/drivers/noop/noop_pipe.c index 3013019..0cbc370 100644 --- a/src/gallium/drivers/noop/noop_pipe.c +++ b/src/gallium/drivers/noop/noop_pipe.c @@ -107,6 +107,7 @@ static struct pipe_resource *noop_resource_create(struct pipe_screen *screen, stride = util_format_get_stride(templ->format, templ->width0); nresource->base = *templ; + nresource->base.next = NULL; nresource->base.screen = screen; nresource->size = stride * templ->height0 * templ->depth0; nresource->data = MALLOC(nresource->size); diff --git a/src/gallium/drivers/nouveau/nouveau_buffer.c b/src/gallium/drivers/nouveau/nouveau_buffer.c index 17052b2..b0b519c 100644 --- a/src/gallium/drivers/nouveau/nouveau_buffer.c +++ b/src/gallium/drivers/nouveau/nouveau_buffer.c @@ -649,6 +649,7 @@ nouveau_buffer_create(struct pipe_screen *pscreen, return NULL; buffer->base = *templ; + buffer->base.next = NULL; buffer->vtbl = &nouveau_buffer_vtbl; pipe_reference_init(&buffer->base.reference, 1); buffer->base.screen = pscreen; diff --git a/src/gallium/drivers/nouveau/nv30/nv30_miptree.c b/src/gallium/drivers/nouveau/nv30/nv30_miptree.c index 165b8f2..f56caf6 100644 --- a/src/gallium/drivers/nouveau/nv30/nv30_miptree.c +++ b/src/gallium/drivers/nouveau/nv30/nv30_miptree.c @@ -391,6 +391,7 @@ nv30_miptree_create(struct pipe_screen *pscreen, mt->base.vtbl = &nv30_miptree_vtbl; *pt = *tmpl; + pt->next = NULL; pipe_reference_init(&pt->reference, 1); pt->screen = pscreen; @@ -484,6 +485,7 @@ nv30_miptree_from_handle(struct pipe_screen *pscreen, } mt->base.base = *tmpl; + mt->base.base.next = NULL; mt->base.vtbl = &nv30_miptree_vtbl; pipe_reference_init(&mt->base.base.reference, 1); mt->base.base.screen = pscreen; diff --git a/src/gallium/drivers/nouveau/nv50/nv50_miptree.c b/src/gallium/drivers/nouveau/nv50/nv50_miptree.c index f2e304f..d9ffae3 100644 --- a/src/gallium/drivers/nouveau/nv50/nv50_miptree.c +++ b/src/gallium/drivers/nouveau/nv50/nv50_miptree.c @@ -348,6 +348,7 @@ nv50_miptree_create(struct pipe_screen *pscreen, mt->base.vtbl = &nv50_miptree_vtbl; *pt = *templ; + pt->next = NULL; pipe_reference_init(&pt->reference, 1); pt->screen = pscreen; @@ -426,6 +427,7 @@ nv50_miptree_from_handle(struct pipe_screen *pscreen, mt->base.address = mt->base.bo->offset; mt->base.base = *templ; + mt->base.base.next = NULL; mt->base.vtbl = &nv50_miptree_vtbl; pipe_reference_init(&mt->base.base.reference, 1); mt->base.base.screen = pscreen; diff --git a/src/gallium/drivers/nouveau/nvc0/nvc0_miptree.c b/src/gallium/drivers/nouveau/nvc0/nvc0_miptree.c index 27674f7..9c778b0 100644 --- a/src/gallium/drivers/nouveau/nvc0/nvc0_miptree.c +++ b/src/gallium/drivers/nouveau/nvc0/nvc0_miptree.c @@ -260,6 +260,7 @@ nvc0_miptree_create(struct pipe_screen *pscreen, mt->base.vtbl = &nvc0_miptree_vtbl; *pt = *templ; + pt->next = NULL; pipe_reference_init(&pt->reference, 1); pt->screen = pscreen; diff --git a/src/gallium/drivers/r300/r300_screen_buffer.c b/src/gallium/drivers/r300/r300_screen_buffer.c index 4747058..24dd92f 100644 --- a/src/gallium/drivers/r300/r300_screen_buffer.c +++ b/src/gallium/drivers/r300/r300_screen_buffer.c @@ -163,6 +163,7 @@ struct pipe_resource *r300_buffer_create(struct pipe_screen *screen, rbuf = MALLOC_STRUCT(r300_resource); rbuf->b.b = *templ; + rbuf->b.b.next = NULL; rbuf->b.vtbl = &r300_buffer_vtbl; pipe_reference_init(&rbuf->b.b.reference, 1); rbuf->b.b.screen = screen; diff --git a/src/gallium/drivers/r600/evergreen_compute.c b/src/gallium/drivers/r600/evergreen_compute.c index fe43f37..5dd055c 100644 --- a/src/gallium/drivers/r600/evergreen_compute.c +++ b/src/gallium/drivers/r600/evergreen_compute.c @@ -1027,6 +1027,7 @@ struct pipe_resource *r600_compute_global_buffer_create(struct pipe_screen *scre result->base.b.vtbl = &r600_global_buffer_vtbl; result->base.b.b = *templ; + result->base.b.b.next = NULL; result->base.b.b.screen = screen; pipe_reference_init(&result->base.b.b.reference, 1); diff --git a/src/gallium/drivers/rbug/rbug_objects.c b/src/gallium/drivers/rbug/rbug_objects.c index 2aa4e12..450fb3c 100644 --- a/src/gallium/drivers/rbug/rbug_objects.c +++ b/src/gallium/drivers/rbug/rbug_objects.c @@ -55,6 +55,7 @@ rbug_resource_create(struct rbug_screen *rb_screen, memcpy(&rb_resource->base, resource, sizeof(struct pipe_resource)); pipe_reference_init(&rb_resource->base.reference, 1); + rb_resource->base.next = NULL; rb_resource->base.screen = &rb_screen->base; rb_resource->resource = resource; diff --git a/src/gallium/drivers/softpipe/sp_texture.c b/src/gallium/drivers/softpipe/sp_texture.c index 8dca158..4cf06ca 100644 --- a/src/gallium/drivers/softpipe/sp_texture.c +++ b/src/gallium/drivers/softpipe/sp_texture.c @@ -162,6 +162,7 @@ softpipe_resource_create_front(struct pipe_screen *screen, assert(templat->format != PIPE_FORMAT_NONE); spr->base = *templat; + spr->base.next = NULL; pipe_reference_init(&spr->base.reference, 1); spr->base.screen = screen; @@ -227,6 +228,7 @@ softpipe_resource_from_handle(struct pipe_screen *screen, return NULL; spr->base = *templat; + spr->base.next = NULL; pipe_reference_init(&spr->base.reference, 1); spr->base.screen = screen; diff --git a/src/gallium/drivers/svga/svga_resource_buffer.c b/src/gallium/drivers/svga/svga_resource_buffer.c index 99ed1a2..0957d61 100644 --- a/src/gallium/drivers/svga/svga_resource_buffer.c +++ b/src/gallium/drivers/svga/svga_resource_buffer.c @@ -404,6 +404,7 @@ svga_buffer_create(struct pipe_screen *screen, goto error1; sbuf->b.b = *template; + sbuf->b.b.next = NULL; sbuf->b.vtbl = &svga_buffer_vtbl; pipe_reference_init(&sbuf->b.b.reference, 1); sbuf->b.b.screen = screen; diff --git a/src/gallium/drivers/svga/svga_resource_texture.c b/src/gallium/drivers/svga/svga_resource_texture.c index fc5c374..5853e3a 100644 --- a/src/gallium/drivers/svga/svga_resource_texture.c +++ b/src/gallium/drivers/svga/svga_resource_texture.c @@ -902,6 +902,7 @@ svga_texture_create(struct pipe_screen *screen, } tex->b.b = *template; + tex->b.b.next = NULL; tex->b.vtbl = &svga_texture_vtbl; pipe_reference_init(&tex->b.b.reference, 1); tex->b.b.screen = screen; @@ -1166,6 +1167,7 @@ svga_texture_from_handle(struct pipe_screen *screen, } tex->b.b = *template; + tex->b.b.next = NULL; tex->b.vtbl = &svga_texture_vtbl; pipe_reference_init(&tex->b.b.reference, 1); tex->b.b.screen = screen; diff --git a/src/gallium/drivers/swr/swr_screen.cpp b/src/gallium/drivers/swr/swr_screen.cpp index 90fc77e..119be4f 100644 --- a/src/gallium/drivers/swr/swr_screen.cpp +++ b/src/gallium/drivers/swr/swr_screen.cpp @@ -863,6 +863,7 @@ swr_resource_create(struct pipe_screen *_screen, return NULL; res->base = *templat; + res->base.next = NULL; pipe_reference_init(&res->base.reference, 1); res->base.screen = &screen->base; diff --git a/src/gallium/drivers/trace/tr_texture.c b/src/gallium/drivers/trace/tr_texture.c index 47845a3..be9e33a 100644 --- a/src/gallium/drivers/trace/tr_texture.c +++ b/src/gallium/drivers/trace/tr_texture.c @@ -53,6 +53,7 @@ trace_resource_create(struct trace_screen *tr_scr, memcpy(&tr_res->base, texture, sizeof(struct pipe_resource)); pipe_reference_init(&tr_res->base.reference, 1); + tr_res->base.next = NULL; tr_res->base.screen = &tr_scr->base; tr_res->resource = texture; diff --git a/src/gallium/drivers/vc4/vc4_resource.c b/src/gallium/drivers/vc4/vc4_resource.c index bfa8f40..ff70599 100644 --- a/src/gallium/drivers/vc4/vc4_resource.c +++ b/src/gallium/drivers/vc4/vc4_resource.c @@ -461,6 +461,7 @@ vc4_resource_setup(struct pipe_screen *pscreen, *prsc = *tmpl; pipe_reference_init(&prsc->reference, 1); + prsc->next = NULL; prsc->screen = pscreen; rsc->base.vtbl = &vc4_resource_vtbl; diff --git a/src/gallium/drivers/virgl/virgl_buffer.c b/src/gallium/drivers/virgl/virgl_buffer.c index de99796..9ef5f9d 100644 --- a/src/gallium/drivers/virgl/virgl_buffer.c +++ b/src/gallium/drivers/virgl/virgl_buffer.c @@ -156,6 +156,7 @@ struct pipe_resource *virgl_buffer_create(struct virgl_screen *vs, buf = CALLOC_STRUCT(virgl_buffer); buf->base.clean = TRUE; buf->base.u.b = *template; + buf->base.u.b.next = NULL; buf->base.u.b.screen = &vs->base; buf->base.u.vtbl = &virgl_buffer_vtbl; pipe_reference_init(&buf->base.u.b.reference, 1); diff --git a/src/gallium/drivers/virgl/virgl_texture.c b/src/gallium/drivers/virgl/virgl_texture.c index 24bbc3c..64649e2 100644 --- a/src/gallium/drivers/virgl/virgl_texture.c +++ b/src/gallium/drivers/virgl/virgl_texture.c @@ -316,6 +316,7 @@ virgl_texture_from_handle(struct virgl_screen *vs, tex = CALLOC_STRUCT(virgl_texture); tex->base.u.b = *template; + tex->base.u.b.next = NULL; tex->base.u.b.screen = &vs->base; pipe_reference_init(&tex->base.u.b.reference, 1); tex->base.u.vtbl = &virgl_texture_vtbl; @@ -335,6 +336,7 @@ struct pipe_resource *virgl_texture_create(struct virgl_screen *vs, tex = CALLOC_STRUCT(virgl_texture); tex->base.clean = TRUE; tex->base.u.b = *template; + tex->base.u.b.next = NULL; tex->base.u.b.screen = &vs->base; pipe_reference_init(&tex->base.u.b.reference, 1); tex->base.u.vtbl = &virgl_texture_vtbl; -- 2.7.4 _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/mesa-dev
