https://bugs.freedesktop.org/show_bug.cgi?id=89387
Bug ID: 89387
Summary: Double delete in lp_bld_misc.cpp
Product: Mesa
Version: 10.5
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: Mesa core
Assignee: mesa-dev@lists.freedesktop.org
Reporter: ch...@cvine.freeserve.co.uk
QA Contact: mesa-dev@lists.freedesktop.org

I have been asked in bug #86958 to open a separate bug about the resolution of the compilation error reported there, where mesa is compiled against llvm>=3.6.

To fix that compilation error, at line 504 of file lp_bld_misc.cpp the ShaderMemoryManager* object MM is passed to a unique_ptr object, which takes ownership of MM. However, in the event of the call to EngineBuilder::create() at line 523 failing, at line 530 delete is called manually on MM, thus leading to a possible double delete (since the destructor of the unique_ptr object having ownership will also attempt to delete MM).

This may beg the question of what EngineBuilder::setMCJITMemoryManager(ShaderMemoryManager*) does in llvm < 3.6. If that method also tries to delete its argument when finished with, you would get a double delete in the error case (i.e. where EngineBuilder::create() fails) for earlier versions of llvm also. However, whatever the answer to that, the fix for bug 86958 is on the face of it wrong.
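The ownership problem described in the report, as an added example that is not part of the original report and is not Mesa or LLVM code. `MemMgr`, `Builder`, `FreeLog` and `LoggedDelete` are hypothetical stand-ins, and the manual `delete MM` is modelled by a logging call so the second free is counted rather than executed.

```cpp
#include <memory>
#include <set>
#include <utility>

struct MemMgr { int id; };   // hypothetical stand-in for ShaderMemoryManager

// Records every release; a repeated release of the same pointer is counted
// instead of executed, so the demo never performs a real double delete.
struct FreeLog {
    std::set<MemMgr*> freed;
    int double_frees = 0;
    void release(MemMgr* p) { if (!freed.insert(p).second) ++double_frees; }
    ~FreeLog() { for (MemMgr* p : freed) delete p; }
};

struct LoggedDelete {        // deleter used in place of plain `delete`
    FreeLog* log;
    LoggedDelete(FreeLog* l = nullptr) : log(l) {}
    void operator()(MemMgr* p) const { log->release(p); }
};
using Owned = std::unique_ptr<MemMgr, LoggedDelete>;

struct Builder {             // hypothetical model of an engine builder
    Owned mm;
    void setMemoryManager(Owned p) { mm = std::move(p); }
    bool create(bool succeed) { return succeed; }
};

// Failure path as reported: the unique_ptr owns MM, yet the error branch
// also frees MM through the raw pointer.
int reported_pattern() {
    FreeLog log;
    MemMgr* MM = new MemMgr{1};
    {
        Builder b;
        b.setMemoryManager(Owned(MM, LoggedDelete(&log)));
        if (!b.create(false))
            log.release(MM);          // models the manual `delete MM`
    }                                 // b.mm's destructor releases MM again
    return log.double_frees;
}

// Same failure path with a single owner: no manual free in the error branch.
int single_owner_pattern() {
    FreeLog log;
    {
        Builder b;
        b.setMemoryManager(Owned(new MemMgr{2}, LoggedDelete(&log)));
        if (!b.create(false)) { /* nothing to free: b.mm owns the object */ }
    }
    return log.double_frees;
}
```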