fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-05-09 02:28:10 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

util: Avoid invalid access in ralloc_print_info()

Browse source 
Check if allocation is large enough to hold the
linear and gc contexts before probing for them.

Fixes: 7b5b164281 ("util: Add function print information about a ralloc tree")
Acked-by: Eric R. Smith <eric.smith@collabora.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/37017>
(cherry picked from commit 62815cc91f)
This commit is contained in:
Caio Oliveira 2025-08-26 15:17:47 -07:00 committed by Eric Engestrom
parent 50f967cde1
commit 4a2273eb8b
2 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.pick_status.json
View file

@ -8114,7 +8114,7 @@
"description": "util: Avoid invalid access in ralloc_print_info()",
"nominated": true,
"nomination_type": 2,
"resolution": 0,
"resolution": 1,
"main_sha": null,
"because_sha": "7b5b1642815dc7e74a7f90d89a7d46fde4ace19a",
"notes": null

13
src/util/ralloc.c
View file

@ -1383,14 +1383,19 @@ ralloc_print_info_helper(ralloc_print_info_state *state, const ralloc_header *in
const linear_ctx *lin_ctx = ptr;
const gc_ctx *gc_ctx = ptr;
if (lin_ctx->magic == LMAGIC_CONTEXT) {
const bool is_linear = info->size >= sizeof(*lin_ctx) &&
lin_ctx->magic == LMAGIC_CONTEXT;
const bool is_gc = info->size >= sizeof(*gc_ctx) &&
gc_ctx->canary == GC_CONTEXT_CANARY;
if (is_linear) {
if (f) fprintf(f, " (linear context)");
assert(!state->inside_gc && !state->inside_linear);
state->inside_linear = true;
state->linear_metadata_bytes += sizeof(linear_ctx);
state->content_bytes -= sizeof(linear_ctx);
state->linear_count++;
} else if (gc_ctx->canary == GC_CONTEXT_CANARY) {
} else if (is_gc) {
if (f) fprintf(f, " (gc context)");
assert(!state->inside_gc && !state->inside_linear);
state->inside_gc = true;
@ -1421,8 +1426,8 @@ ralloc_print_info_helper(ralloc_print_info_state *state, const ralloc_header *in
state->indent -= 2;
#ifndef NDEBUG
if (lin_ctx->magic == LMAGIC_CONTEXT) state->inside_linear = false;
else if (gc_ctx->canary == GC_CONTEXT_CANARY) state->inside_gc = false;
if (is_linear) state->inside_linear = false;
else if (is_gc) state->inside_gc = false;
#endif
}