From 56a42238033e8007be542792889f1b1378ceb109 Mon Sep 17 00:00:00 2001 From: Lim Siew Hoon Date: Thu, 20 Aug 2015 17:36:04 +0800 Subject: [PATCH: Intel-VA Driver] Fix klockwork critical message hit on calloc function usage The calloc function maybe return NULL, it will causing memory access violation if continue using NULL C structure. Add assert function to do checking on its. Signed-off-by: Lim Siew Hoon --- src/gen6_mfc_common.c | 2 ++ src/gen6_mfd.c | 1 + src/gen75_mfd.c | 3 +++ src/gen75_picture_process.c | 1 + src/gen75_vme.c | 2 ++ src/gen75_vpp_gpe.c | 1 + src/gen75_vpp_vebox.c | 1 + src/gen7_mfd.c | 3 +++ src/gen7_vme.c | 1 + src/gen8_mfc.c | 2 +- src/gen8_vme.c | 1 + src/gen9_mfc.c | 1 + src/gen9_mfc_hevc.c | 2 ++ src/gen9_mfd.c | 1 + src/gen9_vme.c | 2 ++ src/i965_avc_bsd.c | 1 + src/i965_encoder.c | 1 + src/i965_media.c | 2 ++ src/i965_media_h264.c | 1 + src/i965_media_mpeg2.c | 1 + src/i965_post_processing.c | 1 + src/intel_batchbuffer.c | 1 + 22 files changed, 31 insertions(+), 1 deletion(-) diff --git a/src/gen6_mfc_common.c b/src/gen6_mfc_common.c index 53e31de..663d197 100644 --- a/src/gen6_mfc_common.c +++ b/src/gen6_mfc_common.c @@ -650,6 +650,7 @@ VAStatus intel_mfc_avc_prepare(VADriverContextP ctx, if ( obj_surface->private_data == NULL) { gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1); + assert(gen6_avc_surface); gen6_avc_surface->dmv_top = dri_bo_alloc(i965->intel.bufmgr, "Buffer", @@ -696,6 +697,7 @@ VAStatus intel_mfc_avc_prepare(VADriverContextP ctx, if ( obj_surface->private_data == NULL) { gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1); + assert(gen6_avc_surface); gen6_avc_surface->dmv_top = dri_bo_alloc(i965->intel.bufmgr, "Buffer", diff --git a/src/gen6_mfd.c b/src/gen6_mfd.c index 2dd05a1..5ab2db0 100755 --- a/src/gen6_mfd.c +++ b/src/gen6_mfd.c @@ -61,6 +61,7 @@ gen6_mfd_init_avc_surface(VADriverContextP ctx, if (!gen6_avc_surface) { gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1); + assert(gen6_avc_surface); gen6_avc_surface->base.frame_store_id = -1; assert((obj_surface->size & 0x3f) == 0); obj_surface->private_data = gen6_avc_surface; diff --git a/src/gen75_mfd.c b/src/gen75_mfd.c index 11cde1f..0acded3 100644 --- a/src/gen75_mfd.c +++ b/src/gen75_mfd.c @@ -67,6 +67,7 @@ gen75_mfd_init_avc_surface(VADriverContextP ctx, if (!gen7_avc_surface) { gen7_avc_surface = calloc(sizeof(GenAvcSurface), 1); + assert(gen7_avc_surface); gen7_avc_surface->base.frame_store_id = -1; assert((obj_surface->size & 0x3f) == 0); obj_surface->private_data = gen7_avc_surface; @@ -1511,6 +1512,7 @@ gen75_mfd_init_vc1_surface(VADriverContextP ctx, if (!gen7_vc1_surface) { gen7_vc1_surface = calloc(sizeof(struct gen7_vc1_surface), 1); + assert(gen7_vc1_surface); assert((obj_surface->size & 0x3f) == 0); obj_surface->private_data = gen7_vc1_surface; } @@ -3250,6 +3252,7 @@ gen75_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_config struct gen7_mfd_context *gen7_mfd_context = calloc(1, sizeof(struct gen7_mfd_context)); int i; + assert(gen7_mfd_context); gen7_mfd_context->base.destroy = gen75_mfd_context_destroy; gen7_mfd_context->base.run = gen75_mfd_decode_picture; gen7_mfd_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0); diff --git a/src/gen75_picture_process.c b/src/gen75_picture_process.c index cf20ed9..ed50532 100644 --- a/src/gen75_picture_process.c +++ b/src/gen75_picture_process.c @@ -266,6 +266,7 @@ gen75_proc_context_init(VADriverContextP ctx, struct intel_video_process_context *proc_context = calloc(1, sizeof(struct intel_video_process_context)); + assert(proc_context); proc_context->base.destroy = gen75_proc_context_destroy; proc_context->base.run = gen75_proc_picture; diff --git a/src/gen75_vme.c b/src/gen75_vme.c index 576e91a..0b8855d 100644 --- a/src/gen75_vme.c +++ b/src/gen75_vme.c @@ -1037,6 +1037,8 @@ Bool gen75_vme_context_init(VADriverContextP ctx, struct intel_encoder_context * break; } + + assert(vme_context); vme_context->vme_kernel_sum = i965_kernel_num; vme_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6; diff --git a/src/gen75_vpp_gpe.c b/src/gen75_vpp_gpe.c index 52a0e2f..118a544 100644 --- a/src/gen75_vpp_gpe.c +++ b/src/gen75_vpp_gpe.c @@ -871,6 +871,7 @@ vpp_gpe_context_init(VADriverContextP ctx) { struct i965_driver_data *i965 = i965_driver_data(ctx); struct vpp_gpe_context *vpp_gpe_ctx = calloc(1, sizeof(struct vpp_gpe_context)); + assert(vpp_gpe_ctx); struct i965_gpe_context *gpe_ctx = &(vpp_gpe_ctx->gpe_ctx); assert(IS_HASWELL(i965->intel.device_info) || diff --git a/src/gen75_vpp_vebox.c b/src/gen75_vpp_vebox.c index 7a066f9..06c27f8 100644 --- a/src/gen75_vpp_vebox.c +++ b/src/gen75_vpp_vebox.c @@ -1763,6 +1763,7 @@ struct intel_vebox_context * gen75_vebox_context_init(VADriverContextP ctx) struct intel_vebox_context *proc_context = calloc(1, sizeof(struct intel_vebox_context)); int i; + assert(proc_context); proc_context->batch = intel_batchbuffer_new(intel, I915_EXEC_VEBOX, 0); for (i = 0; i < ARRAY_ELEMS(proc_context->frame_store); i++) diff --git a/src/gen7_mfd.c b/src/gen7_mfd.c index 1d04ed4..4e668ce 100755 --- a/src/gen7_mfd.c +++ b/src/gen7_mfd.c @@ -65,6 +65,7 @@ gen7_mfd_init_avc_surface(VADriverContextP ctx, if (!gen7_avc_surface) { gen7_avc_surface = calloc(sizeof(GenAvcSurface), 1); + assert(gen7_avc_surface); gen7_avc_surface->base.frame_store_id = -1; assert((obj_surface->size & 0x3f) == 0); obj_surface->private_data = gen7_avc_surface; @@ -1246,6 +1247,7 @@ gen7_mfd_init_vc1_surface(VADriverContextP ctx, if (!gen7_vc1_surface) { gen7_vc1_surface = calloc(sizeof(struct gen7_vc1_surface), 1); + assert(gen7_vc1_surface); assert((obj_surface->size & 0x3f) == 0); obj_surface->private_data = gen7_vc1_surface; } @@ -2729,6 +2731,7 @@ gen7_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_config) struct gen7_mfd_context *gen7_mfd_context = calloc(1, sizeof(struct gen7_mfd_context)); int i; + assert(gen7_mfd_context); gen7_mfd_context->base.destroy = gen7_mfd_context_destroy; gen7_mfd_context->base.run = gen7_mfd_decode_picture; gen7_mfd_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0); diff --git a/src/gen7_vme.c b/src/gen7_vme.c index dc15445..7b116ad 100644 --- a/src/gen7_vme.c +++ b/src/gen7_vme.c @@ -1031,6 +1031,7 @@ Bool gen7_vme_context_init(VADriverContextP ctx, struct intel_encoder_context *e struct gen6_vme_context *vme_context = calloc(1, sizeof(struct gen6_vme_context)); struct i965_kernel *vme_kernel_list = NULL; + assert(vme_context); vme_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6; diff --git a/src/gen8_mfc.c b/src/gen8_mfc.c index daa860c..9908257 100644 --- a/src/gen8_mfc.c +++ b/src/gen8_mfc.c @@ -4571,7 +4571,7 @@ static VAStatus gen8_mfc_pipeline(VADriverContextP ctx, Bool gen8_mfc_context_init(VADriverContextP ctx, struct intel_encoder_context *encoder_context) { struct gen6_mfc_context *mfc_context = calloc(1, sizeof(struct gen6_mfc_context)); - + assert(mfc_context); mfc_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6; mfc_context->gpe_context.idrt.max_entries = MAX_GPE_KERNELS; diff --git a/src/gen8_vme.c b/src/gen8_vme.c index ace3288..5dd502c 100644 --- a/src/gen8_vme.c +++ b/src/gen8_vme.c @@ -1338,6 +1338,7 @@ Bool gen8_vme_context_init(VADriverContextP ctx, struct intel_encoder_context *e //If the codec is JPEG, bypass VME if(encoder_context->codec != CODEC_JPEG) { vme_context = calloc(1, sizeof(struct gen6_vme_context)); + assert(vme_context); vme_context->vme_kernel_sum = i965_kernel_num; vme_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6; diff --git a/src/gen9_mfc.c b/src/gen9_mfc.c index b328f75..63a9c21 100644 --- a/src/gen9_mfc.c +++ b/src/gen9_mfc.c @@ -1717,6 +1717,7 @@ Bool gen9_mfc_context_init(VADriverContextP ctx, struct intel_encoder_context *e return gen8_mfc_context_init(ctx, encoder_context); mfc_context = calloc(1, sizeof(struct gen6_mfc_context)); + assert(mfc_context); mfc_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6; mfc_context->gpe_context.idrt.max_entries = MAX_GPE_KERNELS; diff --git a/src/gen9_mfc_hevc.c b/src/gen9_mfc_hevc.c index e52e408..bf601ec 100644 --- a/src/gen9_mfc_hevc.c +++ b/src/gen9_mfc_hevc.c @@ -1984,6 +1984,7 @@ VAStatus intel_hcpe_hevc_prepare(VADriverContextP ctx, hevc_encoder_surface = calloc(sizeof(GenHevcSurface), 1); + assert(hevc_encoder_surface); hevc_encoder_surface->motion_vector_temporal_bo = dri_bo_alloc(i965->intel.bufmgr, "motion vector temporal buffer", @@ -2583,6 +2584,7 @@ Bool gen9_hcpe_context_init(VADriverContextP ctx, struct intel_encoder_context * { struct gen9_hcpe_context *hcpe_context = calloc(1, sizeof(struct gen9_hcpe_context)); + assert(hcpe_context); hcpe_context->pipe_mode_select = gen9_hcpe_pipe_mode_select; hcpe_context->set_surface_state = gen9_hcpe_surface_state; hcpe_context->ind_obj_base_addr_state = gen9_hcpe_ind_obj_base_addr_state; diff --git a/src/gen9_mfd.c b/src/gen9_mfd.c index c435e30..da76378 100644 --- a/src/gen9_mfd.c +++ b/src/gen9_mfd.c @@ -77,6 +77,7 @@ gen9_hcpd_init_hevc_surface(VADriverContextP ctx, if (!gen9_hevc_surface) { gen9_hevc_surface = calloc(sizeof(GenHevcSurface), 1); + assert(gen9_hevc_surface); gen9_hevc_surface->base.frame_store_id = -1; obj_surface->private_data = gen9_hevc_surface; } diff --git a/src/gen9_vme.c b/src/gen9_vme.c index b28470b..736b13a 100644 --- a/src/gen9_vme.c +++ b/src/gen9_vme.c @@ -1817,6 +1817,8 @@ Bool gen9_vme_context_init(VADriverContextP ctx, struct intel_encoder_context *e break; } + + assert(vme_context); vme_context->vme_kernel_sum = i965_kernel_num; vme_context->gpe_context.surface_state_binding_table.length = (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6; diff --git a/src/i965_avc_bsd.c b/src/i965_avc_bsd.c index e6e86b0..157a107 100644 --- a/src/i965_avc_bsd.c +++ b/src/i965_avc_bsd.c @@ -51,6 +51,7 @@ i965_avc_bsd_init_avc_bsd_surface(VADriverContextP ctx, if (!avc_bsd_surface) { avc_bsd_surface = calloc(sizeof(GenAvcSurface), 1); + assert(avc_bsd_surface); avc_bsd_surface->base.frame_store_id = -1; assert((obj_surface->size & 0x3f) == 0); obj_surface->private_data = avc_bsd_surface; diff --git a/src/i965_encoder.c b/src/i965_encoder.c index 22e4ec6..de851d1 100644 --- a/src/i965_encoder.c +++ b/src/i965_encoder.c @@ -662,6 +662,7 @@ intel_enc_hw_context_init(VADriverContextP ctx, struct intel_encoder_context *encoder_context = calloc(1, sizeof(struct intel_encoder_context)); int i; + assert(encoder_context); encoder_context->base.destroy = intel_encoder_context_destroy; encoder_context->base.run = intel_encoder_end_picture; encoder_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0); diff --git a/src/i965_media.c b/src/i965_media.c index a13c233..3e33b9b 100644 --- a/src/i965_media.c +++ b/src/i965_media.c @@ -338,6 +338,7 @@ g4x_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_config) struct intel_driver_data *intel = intel_driver_data(ctx); struct i965_media_context *media_context = calloc(1, sizeof(struct i965_media_context)); + assert(media_context); media_context->base.destroy = i965_media_context_destroy; media_context->base.run = i965_media_decode_picture; media_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0); @@ -368,6 +369,7 @@ ironlake_dec_hw_context_init(VADriverContextP ctx, struct object_config *obj_con struct intel_driver_data *intel = intel_driver_data(ctx); struct i965_media_context *media_context = calloc(1, sizeof(struct i965_media_context)); + assert(media_context); media_context->base.destroy = i965_media_context_destroy; media_context->base.run = i965_media_decode_picture; media_context->base.batch = intel_batchbuffer_new(intel, I915_EXEC_RENDER, 0); diff --git a/src/i965_media_h264.c b/src/i965_media_h264.c index 8ec7e4f..5b05ac0 100644 --- a/src/i965_media_h264.c +++ b/src/i965_media_h264.c @@ -844,6 +844,7 @@ i965_media_h264_dec_context_init(VADriverContextP ctx, struct i965_media_context sizeof(h264_avc_kernels_gen5[0]))); assert(NUM_AVC_MC_INTERFACES == (sizeof(avc_mc_kernel_offset_gen5) / sizeof(avc_mc_kernel_offset_gen5[0]))); + assert(i965_h264_context); if (IS_IRONLAKE(i965->intel.device_info)) { memcpy(i965_h264_context->avc_kernels, h264_avc_kernels_gen5, sizeof(i965_h264_context->avc_kernels)); avc_mc_kernel_offset = avc_mc_kernel_offset_gen5; diff --git a/src/i965_media_mpeg2.c b/src/i965_media_mpeg2.c index 245c8e7..2980bdc 100644 --- a/src/i965_media_mpeg2.c +++ b/src/i965_media_mpeg2.c @@ -979,6 +979,7 @@ i965_media_mpeg2_dec_context_init(VADriverContextP ctx, struct i965_media_contex int i; i965_mpeg2_context = calloc(1, sizeof(struct i965_mpeg2_context)); + assert(i965_mpeg2_context); i965_mpeg2_context->wa_slice_vertical_position = -1; /* kernel */ diff --git a/src/i965_post_processing.c b/src/i965_post_processing.c index a1c0e4d..6d504d8 100755 --- a/src/i965_post_processing.c +++ b/src/i965_post_processing.c @@ -5510,6 +5510,7 @@ i965_post_processing_init(VADriverContextP ctx) if (HAS_VPP(i965)) { if (pp_context == NULL) { pp_context = calloc(1, sizeof(*pp_context)); + assert(pp_context); i965->codec_info->post_processing_context_init(ctx, pp_context, i965->pp_batch); i965->pp_context = pp_context; } diff --git a/src/intel_batchbuffer.c b/src/intel_batchbuffer.c index 60178c6..c5604b8 100644 --- a/src/intel_batchbuffer.c +++ b/src/intel_batchbuffer.c @@ -95,6 +95,7 @@ intel_batchbuffer_new(struct intel_driver_data *intel, int flag, int buffer_size buffer_size = MAX_BATCH_SIZE; } + assert(batch); batch->intel = intel; batch->flag = flag; batch->run = drm_intel_bo_mrb_exec; -- 2.1.0