Created attachment 142340 [details] [review]
patch to fix use after free in test_optpass.
When compiling mesa with address sanitizer (-fsanitize=address) and running the test suite a use after free bug is exposed in test_optpass.cpp.
This is the code:
This is obviously not correct. First state is free'd and then state->error is used as the return value.
Given this is only a test this is not severe, yet it still should be fixed so mesa can easily be tested with address sanitizer or other memory safety check tools.
See attached patch (works on both git and 18.2.4), I'm saving state->error to a variable and then returning that.
Created attachment 142341 [details]
stack trace from asan
Patch looks correct to me. Please send this to mesa-dev mailing list with 'git-send-email'. See git log for examples how commit messages should be written.
--- 8< ---
Author: Hanno Böck <email@example.com>
Date: Wed Nov 7 09:01:42 2018 +0100
glsl/test: Fix use after free in test_optpass.
The variable state is free'd and afterwards state->error is used
as the return value, resulting in a use after free bug detected
by memory safety tools like address sanitizer.
Signed-off-by: Hanno Böck <firstname.lastname@example.org>
Reviewed-by: Eric Engestrom <email@example.com>
Reviewed-by: Tapani Pälli <firstname.lastname@example.org>