anv: fix use after free

Once mem->bo is removed from the cache, it is likely to be freed.

Signed-off-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
Fixes: b80930a6fea075 ("anv: add support for VK_EXT_memory_budget")
Reviewed-by: Eric Engestrom <eric.engestrom@intel.com>

diff --git a/src/intel/vulkan/anv_device.c b/src/intel/vulkan/anv_device.c
index d74116b..e9f9060 100644 (file)
--- a/src/intel/vulkan/anv_device.c
+++ b/src/intel/vulkan/anv_device.c
@@ -2995,6 +2995,9 @@ void anv_FreeMemory(
    if (mem->map)
       anv_UnmapMemory(_device, _mem);
 
+   p_atomic_add(&pdevice->memory.heaps[mem->type->heapIndex].used,
+                -mem->bo->size);
+
    anv_bo_cache_release(device, &device->bo_cache, mem->bo);
 
 #if defined(ANDROID) && ANDROID_API_LEVEL >= 26
@@ -3002,9 +3005,6 @@ void anv_FreeMemory(
       AHardwareBuffer_release(mem->ahw);
 #endif
 
-   p_atomic_add(&pdevice->memory.heaps[mem->type->heapIndex].used,
-                -mem->bo->size);
-
    vk_free2(&device->alloc, pAllocator, mem);
 }