fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-04-24 05:00:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

mesa: fix _mesa_free_pipeline_data() use-after-free bug

Browse source 
Unreference the ctx->_Shader object before we delete all the pipeline
objects in the hash table.  Before, ctx->_Shader could point to freed
memory when _mesa_reference_pipeline_object(ctx, &ctx->_Shader, NULL)
was called.

Fixes crash when exiting the piglit rendezvous_by_location test on
Windows.

Cc: mesa-stable@lists.freedesktop.org
Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>
This commit is contained in:
Brian Paul 2014-09-12 06:29:04 -06:00
parent 2828680e39
commit 0d73ac6b02
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/mesa/main/pipelineobj.c
View file

@ -120,12 +120,12 @@ delete_pipelineobj_cb(GLuint id, void *data, void *userData)
void
_mesa_free_pipeline_data(struct gl_context *ctx)
{
_mesa_reference_pipeline_object(ctx, &ctx->_Shader, NULL);
_mesa_HashDeleteAll(ctx->Pipeline.Objects, delete_pipelineobj_cb, ctx);
_mesa_DeleteHashTable(ctx->Pipeline.Objects);
_mesa_reference_pipeline_object(ctx, &ctx->_Shader, NULL);
_mesa_delete_pipeline_object(ctx, ctx->Pipeline.Default);
}
/**