Bug 94710 - Patch for dangling disp->DriverData pointer in error path
Summary: Patch for dangling disp->DriverData pointer in error path
Alias: None
Product: Mesa
Classification: Unclassified
Component: EGL (show other bugs)
Version: 11.1
Hardware: Other All
: medium normal
Assignee: mesa-dev
QA Contact: mesa-dev
Depends on:
Reported: 2016-03-26 02:13 UTC by John Wehle
Modified: 2019-09-18 18:07 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Patch for problem. (1.74 KB, text/plain)
2016-03-26 02:13 UTC, John Wehle

Description John Wehle 2016-03-26 02:13:39 UTC
Created attachment 122571 [details]
Patch for problem.

Noticed while looking at a crash the following code pattern:

    dri2_dpy = calloc(1, sizeof *dri2_dpy);

    disp->DriverData = (void *) dri2_dpy;


    if error goto cleanup

    return success


    return failure

The problem being that on failure disp->DriverData is left pointing to
memory which has already been freed.  Granted no one should be accessing
it after a failure, however if someone does then random things may occur.
The attached patch sets disp->DriverData to NULL on failure so that more
predictable behavior occurs if someone does happen to accesses it.
Comment 1 Michel Dänzer 2016-03-28 02:09:35 UTC
Please submit patches directly (preferably using git send-email, but definitely generated by git format-patch) to the mesa-dev@lists.freedesktop.org list for review.
Comment 2 GitLab Migration User 2019-09-18 18:07:19 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/mesa/mesa/issues/155.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.