diff options
author | Thomas Meyer <thomas@m3y3r.de> | 2014-11-07 19:43:04 +0100 |
---|---|---|
committer | Damien Lespiau <damien.lespiau@intel.com> | 2014-11-20 14:10:41 +0000 |
commit | 4f44ecc6beeaac5064871d41dcc4693b8e313859 (patch) | |
tree | 277166690811a397981bb1acfdac515cb542c042 | |
parent | 5306078bbe21e05365700c186c6c8a1ae86b776c (diff) |
intel: Fix SIGSEGV in libdrm for heigth = 0 and width = 0
drm_intel_gem_bo_free() crashes because the list bo_gem->vma_list is not
yet initialised, but the error path tries to free it.
See also https://bugs.freedesktop.org/show_bug.cgi?id=75844
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Thomas Meyer <thomas@m3y3r.de>
Signed-off-by: Damien Lespiau <damien.lespiau@intel.com>
-rw-r--r-- | intel/intel_bufmgr_gem.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/intel/intel_bufmgr_gem.c b/intel/intel_bufmgr_gem.c index f2f4feaf..b3e9dbad 100644 --- a/intel/intel_bufmgr_gem.c +++ b/intel/intel_bufmgr_gem.c @@ -759,15 +759,16 @@ retry: bo_gem->swizzle_mode = I915_BIT_6_SWIZZLE_NONE; bo_gem->stride = 0; + /* drm_intel_gem_bo_free calls DRMLISTDEL() for an uninitialized + list (vma_list), so better set the list head here */ + DRMINITLISTHEAD(&bo_gem->name_list); + DRMINITLISTHEAD(&bo_gem->vma_list); if (drm_intel_gem_bo_set_tiling_internal(&bo_gem->bo, tiling_mode, stride)) { drm_intel_gem_bo_free(&bo_gem->bo); return NULL; } - - DRMINITLISTHEAD(&bo_gem->name_list); - DRMINITLISTHEAD(&bo_gem->vma_list); } bo_gem->name = name; |