fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2025-12-27 08:20:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

wsi/wayland: Fix use after free from improperly stored VkAllocationCallbacks

Browse source 
These callbacks are no longer valid when cleaning up, and a use after free
occurs.

There's no need to store this at all anyway, so just stop doing that.

Fixes: 57c03fe4
Fixes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/11184

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/29310>
This commit is contained in:
Derek Foreman 2024-05-21 11:29:48 -05:00 committed by Marge Bot
parent 0e0c2574d1
commit 175d2d680a
1 changed files with 6 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/vulkan/wsi/wsi_common_wayland.c
View file

@ -162,7 +162,6 @@ struct wsi_wl_surface {
/* This has no functional use, and is here only for perfetto */
struct {
const VkAllocationCallbacks *pAllocator;
char *latency_str;
uint64_t presenting;
uint64_t presentation_track_id;
@ -1345,11 +1344,12 @@ wsi_wl_surface_get_present_rectangles(VkIcdSurfaceBase *surface,
}
static void
wsi_wl_surface_analytics_fini(struct wsi_wl_surface *wsi_wl_surface)
wsi_wl_surface_analytics_fini(struct wsi_wl_surface *wsi_wl_surface,
const VkAllocationCallbacks *parent_pAllocator,
const VkAllocationCallbacks *pAllocator)
{
const VkAllocationCallbacks *pAllocator = wsi_wl_surface->analytics.pAllocator;
vk_free(pAllocator, wsi_wl_surface->analytics.latency_str);
vk_free2(parent_pAllocator, pAllocator,
wsi_wl_surface->analytics.latency_str);
}
void
@ -1375,7 +1375,7 @@ wsi_wl_surface_destroy(VkIcdSurfaceBase *icd_surface, VkInstance _instance,
if (wsi_wl_surface->display)
wsi_wl_display_destroy(wsi_wl_surface->display);
wsi_wl_surface_analytics_fini(wsi_wl_surface);
wsi_wl_surface_analytics_fini(wsi_wl_surface, &instance->alloc, pAllocator);
vk_free2(&instance->alloc, pAllocator, wsi_wl_surface);
}
@ -1597,9 +1597,6 @@ wsi_wl_surface_analytics_init(struct wsi_wl_surface *wsi_wl_surface,
uint64_t wl_id;
char *track_name;
wl_id = wl_proxy_get_id((struct wl_proxy *) wsi_wl_surface->surface);
wsi_wl_surface->analytics.pAllocator = pAllocator;
wl_id = wl_proxy_get_id((struct wl_proxy *) wsi_wl_surface->surface);
track_name = vk_asprintf(pAllocator, VK_SYSTEM_ALLOCATION_SCOPE_OBJECT,
"wl%" PRIu64 " presentation", wl_id);