From 24637a6579303a6b4f85001f33943c6004af8c50 Mon Sep 17 00:00:00 2001 From: Jason Ekstrand Date: Wed, 29 Sep 2021 08:15:24 -0500 Subject: [PATCH] vulkan/shader_module: Fix the lifetime of temporary shader modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The vk_shader_module_handle_from_nir() macro was constructing a temporary vk_shader_module and passing it through vk_shader_module_to_handle(). Since this is a function and not a macro, it means that the lifetime of the temporary vk_shader_module will end once the to_handle() function is called. Technically, this is a use-after-free. I really don't know why no one has been bitten by this yet.... Fixes: a41e98ddcae0 "vk/util: add a util macro for initializing stack..." Reviewed-by: Alejandro PiƱeiro Part-of:
---
 src/vulkan/util/vk_shader_module.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vulkan/util/vk_shader_module.h b/src/vulkan/util/vk_shader_module.h
index d4e64dfc35a..8140a49d0de 100644
--- a/src/vulkan/util/vk_shader_module.h
+++ b/src/vulkan/util/vk_shader_module.h
@@ -46,7 +46,7 @@ VK_DEFINE_NONDISP_HANDLE_CASTS(vk_shader_module, base, VkShaderModule,
 /* this should only be used for stack-allocated, temporary objects */
 #define vk_shader_module_handle_from_nir(_nir) \
- vk_shader_module_to_handle(&(struct vk_shader_module) { \
+ ((VkShaderModule)(uintptr_t)&(struct vk_shader_module) { \
 .base.type = VK_OBJECT_TYPE_SHADER_MODULE, \
 .nir = _nir, \
 })
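Review bot: The comment above `vk_shader_module_handle_from_nir` still does not spell out the lifetime rule the new expansion depends on: the handle is the address of a compound literal, so it is valid only until the block in which the macro is expanded ends, and a handle that is stored, returned or used after that block points at dead stack memory. I would replace the one-line comment with `/* Yields a handle to a stack temporary that lives only until the end of the enclosing block; never store it or return it from the calling function. */`. That block-scope lifetime is a C guarantee; if this header is ever included from C++ (not visible in this hunk), compound literals are a compiler extension there and the temporary may end with the full expression, so the same dangling handle could reappear and a C-only guard may be worth adding. As a smaller style point, the macro argument is used unparenthesized, and `.nir = (_nir), \` would be the safer spelling.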