From cd8c4e92cf3784577147e768184da326eec15e9d Mon Sep 17 00:00:00 2001
From: liuqiang <liuqiang@kylinos.cn>
Date: Fri, 22 Nov 2024 10:03:12 +0800
Subject: [PATCH] lavapipe: Resolved write to pointer after free

Write to "alloc" pointer variable after free "alloc"

Fixes: d74ea2c117f ("llvmpipe: Implement dmabuf handling")

Signed-off-by: liuqiang <liuqiang@kylinos.cn>
Reviewed-by: Erik Faye-Lund <erik.faye-lund@collabora.com>
Reviewed-by: Lucas Fryzek <lfryzek@igalia.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/32292>
(cherry picked from commit 82e68de68112b11d5ee815dfabf55c23769824be)
---
 .pick_status.json                         | 2 +-
 src/gallium/drivers/llvmpipe/lp_texture.c | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.pick_status.json b/.pick_status.json
index bbbe9196b8b..6d0a9e13784 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -924,7 +924,7 @@
         "description": "lavapipe: Resolved write to pointer after free",
         "nominated": true,
         "nomination_type": 2,
-        "resolution": 0,
+        "resolution": 1,
         "main_sha": null,
         "because_sha": "d74ea2c117fe96e527471e572336f931c3c77da1",
         "notes": null
diff --git a/src/gallium/drivers/llvmpipe/lp_texture.c b/src/gallium/drivers/llvmpipe/lp_texture.c
index 005a02b3367..5a4796e1c36 100644
--- a/src/gallium/drivers/llvmpipe/lp_texture.c
+++ b/src/gallium/drivers/llvmpipe/lp_texture.c
@@ -1506,6 +1506,7 @@ llvmpipe_import_memory_fd(struct pipe_screen *screen,
       if (!ret) {
          free(alloc);
          *ptr = NULL;
+         return false;
       } else {
          *ptr = (struct pipe_memory_allocation*)alloc;
       }