broadcom/vc4: Fix use-after-free for flushing when writing to a texture.

I was trying to continue the hash table loop, not the inner loop. This tended to work out, because we would have *just* freed the job struct. Fixes some valgrind failures in fbo-depthtex. Fixes: f597ac3966 ("vc4: Implement job shuffling")
2026-01-23 06:10:23 +01:00 · 2017-09-18 14:52:32 -07:00 · 2017-09-18 14:52:32 -07:00 · d88a75182d
commit d88a75182d
parent 6e3d7a5916
1 changed files with 7 additions and 2 deletions
--- a/src/gallium/drivers/vc4/vc4_job.c
+++ b/src/gallium/drivers/vc4/vc4_job.c
@ -118,12 +118,17 @@ vc4_flush_jobs_reading_resource(struct vc4_context *vc4,
                struct vc4_job *job = entry->data;

                struct vc4_bo **referenced_bos = job->bo_pointers.base;
+                bool found = false;
                for (int i = 0; i < cl_offset(&job->bo_handles) / 4; i++) {
                        if (referenced_bos[i] == rsc->bo) {
-                                vc4_job_submit(vc4, job);
-                                continue;
+                                found = true;
+                                break;
                        }
                }
+                if (found) {
+                        vc4_job_submit(vc4, job);
+                        continue;
+                }

                /* Also check for the Z/color buffers, since the references to
                 * those are only added immediately before submit.