Bug 44205

This patch should resolve this issue reported in coverity:

--- a/src/mesa/drivers/dri/intel/intel_mipmap_tree.c
+++ b/src/mesa/drivers/dri/intel/intel_mipmap_tree.c
@@ -640,12 +640,13 @@ intel_miptree_all_slices_resolve(struct intel_context *intel,
                                 resolve_func_t func)
 {
    bool did_resolve = false;
-   struct intel_resolve_map *i;
+   struct intel_resolve_map *i, *next;
 
-   for (i = mt->hiz_map.next; i; i = i->next) {
+   for (i = mt->hiz_map.next; i; i = next) {
       if (i->need != need)
         continue;
       func(intel, mt, i->level, i->layer);
+      next = i->next;
       intel_resolve_map_remove(i);
       did_resolve = true;
    }

This issue is resolved by below commit on mesa (master):

commit 0ed11e333147e280208d9d0b3ff3f39970547643
Author: Anuj Phogat <anuj.phogat@gmail.com>
Date:   Tue Jan 3 18:12:06 2012 -0800

    Fix read from pointer after free
    
    Coverity reported a read from pointer after free defect in
    src/mesa/drivers/dri/intel/intel_mipmap_tree.c. Bug# 44205
    In intel_miptree_all_slices_resolve() function, i = i->next was
    executing after freeing i. I have defined a temporary variable
    (next) to store the value of i->next before freeing i
    
    Reported-by: Vinson Lee <vlee@vmware.com>
    Signed-off-by: Anuj Phogat <anuj.phogat@gmail.com>
    Reviewed-by: Eric Anholt <eric@anholt.net>