fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-02-23 09:40:29 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

u_trace: Fix payload refcounting in u_trace_clone_append().
Some checks are pending
macOS-CI / macOS-CI (dri) (push) Waiting to run
Details
macOS-CI / macOS-CI (xlib) (push) Waiting to run
Details

Browse source 
If the clone_append was to a chunk of the same u_trace that gets
process_chunk()ed after where we're cloning from, then the payloads would
have been unreffed in the previous chunk's cleanup_chunk().

Fixes use-after-frees with turnip gmem rendering that resulted in
corrupted payloads.

Fixes: 14e45cb21e ("util/u_trace: refcount payloads")
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/35379>
This commit is contained in:
Emma Anholt 2025-06-06 12:39:29 +02:00 committed by Marge Bot
parent bc2edf14d8
commit 6e97df1d76
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/util/perf/u_trace.c
View file

@ -898,7 +898,7 @@ u_trace_clone_append(struct u_trace_iterator begin_it,
to_copy * sizeof(struct u_trace_event));
/* Take a refcount on payloads from from_chunk if needed. */
if (begin_it.ut != into) {
if (from_chunk != to_chunk) {
struct u_trace_payload_buf **in_payload;
u_vector_foreach (in_payload, &from_chunk->payloads) {
struct u_trace_payload_buf **out_payload =