Bug 99789

Summary: Memory leak on failure to create an ir_constant in calculate_iterations in loop_controls.cpp
Product: Mesa Reporter: Damian Dixon <damian.dixon>
Component: glsl-compilerAssignee: mesa-dev
Status: RESOLVED FIXED QA Contact: Intel 3D Bugs Mailing List <intel-3d-bugs>
Severity: normal    
Priority: medium    
Version: git   
Hardware: Other   
OS: All   
i915 platform: i915 features:

Description Damian Dixon 2017-02-13 10:09:47 UTC
There is a memory leak on failure to create an ir_constant in calculate_iterations in loop_controls.cpp.

If iter is NULL the method returns without deleting the allocated memory.

See below:

calculate_iterations(ir_rvalue *from, ir_rvalue *to, ir_rvalue *increment,
		     enum ir_expression_operation op)
   if (from == NULL || to == NULL || increment == NULL)
      return -1;

   void *mem_ctx = ralloc_context(NULL);

   ir_expression *const sub =
      new(mem_ctx) ir_expression(ir_binop_sub, from->type, to, from);

   ir_expression *const div =
      new(mem_ctx) ir_expression(ir_binop_div, sub->type, sub, increment);

   ir_constant *iter = div->constant_expression_value();

   if (iter == NULL)
      return -1;

If iter == NULL then I should be seeing something like:

   if (iter == NULL) {
      // sub & div  are created as emplacement new so delete is not required
      // unless meme_ctx has a destructor.

      return -1;
Comment 1 Matt Turner 2017-02-15 19:56:55 UTC
(you don't need to Cc yourself on bugs you filed. you'll receive the emails either way)

Yes, you are right. It looks like we should be calling ralloc_free(mem_ctx) before the early return. The comment is not necessary.

Would you please send a patch to mesa-dev@lists.freedesktop.org? Feel free to Cc me on it.
Comment 2 Timothy Arceri 2017-03-18 03:13:37 UTC
Thanks! Fixed by:

commit 40bc1afc9437433f2f1d1c0a6980376ff5670638
Author: Timothy Arceri <tarceri@itsqueeze.com>
Date:   Fri Mar 17 21:53:35 2017 +1100

    glsl: don't leak memory when trying to count loop iterations
    Suggested-by: Damian Dixon <damian.dixon@gmail.com>
    Reviewed-by: Elie Tournier <elie.tournier@collabora.com>
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99789

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.