From 67250fe5bbf1d9f610e349311a4690e271798f17 Mon Sep 17 00:00:00 2001 From: Olivier Fourdan Date: Mon, 19 Jul 2021 09:29:46 +0200 Subject: [PATCH] radeonsi: Check aux_context on si_destroy_screen() The function radeonsi_screen_create_impl() tries to create the aux_context but doesn't actually check for the returned value from si_create_context(). Then, on si_destroy_screen() the aux_context is used without actually checking whether it's a thing or not. As a result, if for any reason si_create_context() failed, we shall crash in si_destroy_screen() with a NULL pointer dereference trying to access ((struct si_context *)sscreen->aux_context)->log. Simply check for aux_context not being NULL to avoid that crash. Cc: mesa-stable Signed-off-by: Olivier Fourdan Reviewed-by: Pierre-Eric Pelloux-Prayer Part-of: (cherry picked from commit 5bfd1a7e19ec1c510c2ba4adadad98d78f712eaf) --- .pick_status.json | 2 +- src/gallium/drivers/radeonsi/si_pipe.c | 16 +++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.pick_status.json b/.pick_status.json index 2c3d91ee41d..328ceb6c042 100644 --- a/.pick_status.json +++ b/.pick_status.json @@ -859,7 +859,7 @@ "description": "radeonsi: Check aux_context on si_destroy_screen()", "nominated": true, "nomination_type": 0, - "resolution": 0, + "resolution": 1, "main_sha": null, "because_sha": null }, diff --git a/src/gallium/drivers/radeonsi/si_pipe.c b/src/gallium/drivers/radeonsi/si_pipe.c index a8fbc6c0f48..6196f2158d0 100644 --- a/src/gallium/drivers/radeonsi/si_pipe.c +++ b/src/gallium/drivers/radeonsi/si_pipe.c @@ -842,14 +842,16 @@ static void si_destroy_screen(struct pipe_screen *pscreen) simple_mtx_destroy(&sscreen->aux_context_lock); - struct u_log_context *aux_log = ((struct si_context *)sscreen->aux_context)->log; - if (aux_log) { - sscreen->aux_context->set_log_context(sscreen->aux_context, NULL); - u_log_context_destroy(aux_log); - FREE(aux_log); - } + if (sscreen->aux_context) { + struct u_log_context *aux_log = ((struct si_context *)sscreen->aux_context)->log; + if (aux_log) { + sscreen->aux_context->set_log_context(sscreen->aux_context, NULL); + u_log_context_destroy(aux_log); + FREE(aux_log); + } - sscreen->aux_context->destroy(sscreen->aux_context); + sscreen->aux_context->destroy(sscreen->aux_context); + } util_queue_destroy(&sscreen->shader_compiler_queue); util_queue_destroy(&sscreen->shader_compiler_queue_low_priority);