From: Jan Ziak <0xe2.0x9a.0x9b@gmail.com> Date: Sun, 31 Jul 2016 13:44:18 +0000 (+0200) Subject: egl/x11: avoid using freed memory if dri2 init fails X-Git-Tag: android-x86-6.0-r1^2~94 X-Git-Url: http://git.osdn.net/view?p=android-x86%2Fexternal-mesa.git;a=commitdiff_plain;h=fbde508c18f15f2534f3c3f41c4fec49ec980da9 egl/x11: avoid using freed memory if dri2 init fails Found with valgrind: ==4841== Invalid read of size 4 ==4841== at 0x56BDC80: dri2_initialize (egl_dri2.c:783) ==4841== by 0x56BAFE5: _eglMatchAndInitialize (egldriver.c:261) ==4841== by 0x56BB15E: _eglMatchDriver (egldriver.c:295) ==4841== by 0x56B58C9: eglInitialize (eglapi.c:480) ==4841== by 0x4F537DC: _glfwInitEGL (in /usr/lib64/libglfw.so.3.2) ==4841== by 0x4F4BEFB: _glfwPlatformInit (in /usr/lib64/libglfw.so.3.2) ==4841== by 0x4F46F40: glfwInit (in /usr/lib64/libglfw.so.3.2) ==4841== by 0x402E59: main ==4841== Address 0x6a05824 is 148 bytes inside a block of size 480 free'd ==4841== at 0x4C2B680: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==4841== by 0x56C2AAE: dri2_initialize_x11_swrast (platform_x11.c:1233) ==4841== by 0x56C2AAE: dri2_initialize_x11 (platform_x11.c:1493) ==4841== by 0x56BDCEB: dri2_initialize (egl_dri2.c:805) ==4841== by 0x56BAFAF: _eglMatchAndInitialize (egldriver.c:261) ==4841== by 0x56BB0C9: _eglMatchDriver (egldriver.c:292) ==4841== by 0x56B58C9: eglInitialize (eglapi.c:480) ==4841== by 0x4F537DC: _glfwInitEGL (in /usr/lib64/libglfw.so.3.2) ==4841== by 0x4F4BEFB: _glfwPlatformInit (in /usr/lib64/libglfw.so.3.2) ==4841== by 0x4F46F40: glfwInit (in /usr/lib64/libglfw.so.3.2) ==4841== by 0x402E59: main ==4841== Block was alloc'd at ==4841== at 0x4C2A868: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==4841== by 0x56C2A47: dri2_initialize_x11_swrast (platform_x11.c:1171) ==4841== by 0x56C2A47: dri2_initialize_x11 (platform_x11.c:1493) ==4841== by 0x56BDCEB: dri2_initialize (egl_dri2.c:805) ==4841== by 0x56BAFAF: _eglMatchAndInitialize 
(egldriver.c:261) ==4841== by 0x56BB0C9: _eglMatchDriver (egldriver.c:292) ==4841== by 0x56B58C9: eglInitialize (eglapi.c:480) ==4841== by 0x4F537DC: _glfwInitEGL (in /usr/lib64/libglfw.so.3.2) ==4841== by 0x4F4BEFB: _glfwPlatformInit (in /usr/lib64/libglfw.so.3.2) ==4841== by 0x4F46F40: glfwInit (in /usr/lib64/libglfw.so.3.2) ==4841== by 0x402E59: main Signed-off-by: Jan Ziak (http://atom-symbol.net) <0xe2.0x9a.0x9b@gmail.com> Fixes: 9ee683f877 (egl/dri2: Add reference count for dri2_egl_display) Cc: "12.0" Reviewed-by: Nicolas Boichat Reviewed-by: Emil Velikov (cherry picked from commit 769ac1ec78e5bc52191ef0393e4702945bbacaa9)
---
diff --git a/src/egl/drivers/dri2/platform_x11.c b/src/egl/drivers/dri2/platform_x11.c
index c0a4005d08e..686552ce0cb 100644
--- a/src/egl/drivers/dri2/platform_x11.c
+++ b/src/egl/drivers/dri2/platform_x11.c
@@ -1231,6 +1231,7 @@ dri2_initialize_x11_swrast(_EGLDriver *drv, _EGLDisplay *disp)
 xcb_disconnect(dri2_dpy->conn);
 cleanup_dpy:
 free(dri2_dpy);
+ disp->DriverData = NULL;
 return EGL_FALSE;
 }
@@ -1370,6 +1371,7 @@ dri2_initialize_x11_dri3(_EGLDriver *drv, _EGLDisplay *disp)
 xcb_disconnect(dri2_dpy->conn);
 cleanup_dpy:
 free(dri2_dpy);
+ disp->DriverData = NULL;
 return EGL_FALSE;
 }
@@ -1467,6 +1469,7 @@ dri2_initialize_x11_dri2(_EGLDriver *drv, _EGLDisplay *disp)
 xcb_disconnect(dri2_dpy->conn);
 cleanup_dpy:
 free(dri2_dpy);
+ disp->DriverData = NULL;
 return EGL_FALSE;
 }
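Review bot: The reset added after `free(dri2_dpy)` in the `cleanup_dpy` tail of dri2_initialize_x11_swrast carries no comment, and the same bare line is repeated in dri2_initialize_x11_dri3 and dri2_initialize_x11_dri2, so a later cleanup refactor could drop it and reintroduce the use-after-free that the valgrind trace shows in dri2_initialize. I would add `/* disp->DriverData still aliases dri2_dpy here; clear it so the caller never sees a freed display */` above each reset; that DriverData aliases dri2_dpy is inferred from the trace and the fix, since the assignment itself is outside the hunks. Clearing the pointer before the free (`disp->DriverData = NULL; free(dri2_dpy);`) would also avoid any moment where the display references freed memory. All three function bodies begin outside their hunks, so whether other exits return EGL_FALSE without passing through `cleanup_dpy` cannot be checked here.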