From 5ec25d54cf29af4799243b1b7a473ec5ae5dc51c Mon Sep 17 00:00:00 2001
From: Rhys Perry <pendingchaos02@gmail.com>
Date: Fri, 23 Apr 2021 13:10:42 +0100
Subject: [PATCH] radv: fix possible use-after-free when inserting GS copy
 shader from cache

If we give radv_pipeline_cache_insert_shaders() a variant which was
retrived from the cache, it will free it.

I haven't encountered this issue, but it seems possible.

Signed-off-by: Rhys Perry <pendingchaos02@gmail.com>
Reviewed-by: Samuel Pitoiset <samuel.pitoiset@gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/10433>
---
 src/amd/vulkan/radv_pipeline.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/amd/vulkan/radv_pipeline.c b/src/amd/vulkan/radv_pipeline.c
index 8c2451a8ec6..412e2b94758 100644
--- a/src/amd/vulkan/radv_pipeline.c
+++ b/src/amd/vulkan/radv_pipeline.c
@@ -3454,9 +3454,9 @@ radv_create_shaders(struct radv_pipeline *pipeline, struct radv_device *device,
       gfx9_get_gs_info(pipeline_key, pipeline, nir, infos, gs_info);
    }
 
-   if (modules[MESA_SHADER_GEOMETRY]) {
+   if (modules[MESA_SHADER_GEOMETRY] && !pipeline->gs_copy_shader) {
       struct radv_shader_binary *gs_copy_binary = NULL;
-      if (!pipeline->gs_copy_shader && !radv_pipeline_has_ngg(pipeline)) {
+      if (!radv_pipeline_has_ngg(pipeline)) {
          struct radv_shader_info info = {0};
          struct radv_shader_variant_key key = {0};