Created attachment 101269: List of i965 driver source lines that show the issue

The i965 driver has various uses of malloc/calloc/new which can return a NULL pointer, but the driver code fails to check for a NULL pointer or causes an assert on a NULL pointer. In some virtualized environments, the libGL memory pool is limited, so this can easily cause crashes by dereferencing a NULL pointer. I have a long list (~150) of likely code lines that need to be fixed in the i965 driver, see attached. Instead of crashing, a glError should be returned when out of memory. Crashes can be forced in Linux by using ulimit.
JP has been working on a bunch of similar issues found by a static analysis tool.
I've been posting patches for similar issues on mesa-dev for some months. If you search for posts mentioning Klocwork, you find cover letters for my patches; the issues my patches fix are exactly similar to those listed here. It's a slow but progressing task. I have experimented with ulimits and know the error paths in mesa are a disaster currently, but patching these one by one as I have been doing is not a very lasting solution, since people on mesa-dev generally don't seem to care so much about error checking for these things. I have been searching for alternative ways to create a more lasting solution but so far did not find a workable idea.
I don't think anyone has come up with a compelling way of testing these code paths (at least that I'm aware of).
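A worked illustration of the error path the report asks for, added here as an example and not code from the i965 driver or Mesa: a fault-injecting allocator stands in for ulimit so the out-of-memory branch can be exercised in a unit test, and the hypothetical `prog_cache_create` releases partial allocations and returns an error code instead of dereferencing NULL. The error constants, the `prog_cache` struct and all function names are assumptions for this example.

```c
#include <stddef.h>
#include <stdlib.h>

/* Stand-ins for the GL error codes a driver would raise (assumption: they
 * mirror GL_NO_ERROR / GL_OUT_OF_MEMORY; real code would use the GL headers). */
#define ERR_NONE          0
#define ERR_OUT_OF_MEMORY 0x0505

/* Fault-injecting allocator: fails the Nth call once fail_at is set, which
 * lets a test reach the out-of-memory path without an actual ulimit. */
static int alloc_calls = 0;
static int fail_at = -1;                 /* -1 means never fail */

static void *checked_calloc(size_t n, size_t sz) {
    alloc_calls++;
    if (fail_at >= 0 && alloc_calls == fail_at)
        return NULL;
    return calloc(n, sz);
}

void set_alloc_failure(int nth_call) { alloc_calls = 0; fail_at = nth_call; }

/* Hypothetical driver object with two separately allocated members. */
struct prog_cache {
    unsigned *keys;
    unsigned char *blobs;
    size_t n;
};

/* Every allocation is checked; on failure the partial work is released and
 * the caller gets an error code rather than a NULL dereference later on. */
int prog_cache_create(struct prog_cache **out, size_t n) {
    struct prog_cache *c;
    *out = NULL;
    c = checked_calloc(1, sizeof(*c));
    if (!c)
        return ERR_OUT_OF_MEMORY;
    c->keys = checked_calloc(n, sizeof(*c->keys));
    if (!c->keys)
        goto fail;
    c->blobs = checked_calloc(n, 64);
    if (!c->blobs)
        goto fail;
    c->n = n;
    *out = c;
    return ERR_NONE;
fail:
    free(c->keys);   /* free(NULL) is a no-op, so unwinding stays uniform */
    free(c);
    return ERR_OUT_OF_MEMORY;
}

void prog_cache_destroy(struct prog_cache *c) {
    if (!c)
        return;
    free(c->keys);
    free(c->blobs);
    free(c);
}
```

Failing the first, second and third allocation in turn covers each unwind point; the same fault injection could drive a real driver's allocation wrapper in a test build.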