Fix double free issue

dEQP-VK.api.object_management.alloc_callback_fail.device is crashed on
RPI4, it's caused by double free in icd_term->logical_device_list.
This patch intend to avoid duplicated item in
icd_term->logical_device_list.

Change-Id: Icfd35f8fad70a06a5697d9dc0c0a330f83e08fc6
Signed-off-by: Xuelian Bai <xuelian.bai@samsung.com>

diff --git a/loader/loader.c b/loader/loader.c
index b50eb00f5239e983f13c54ec47ab5d0add65b81c..2ca3c26a0a76485487b15c860399b3aab4143887 100644 (file)
--- a/loader/loader.c
+++ b/loader/loader.c
@@ -1225,6 +1225,18 @@ struct loader_device *loader_create_logical_device(const struct loader_instance
 }
 
 void loader_add_logical_device(const struct loader_instance *inst, struct loader_icd_term *icd_term, struct loader_device *dev) {
+    /* Fix double free issue in dEQP-VK.api.object_management.alloc_callback_fail.device   */
+    /* It's possible that when dev is free and reallocated, pointer address is not changed */
+    /* This will lead to duplicated item in one list, then cause double free               */
+    struct loader_device *prev_dev = NULL;
+    prev_dev = icd_term->logical_device_list;
+    while (prev_dev && prev_dev != dev) {
+        prev_dev = prev_dev->next;
+    }
+    if (prev_dev == dev) {
+        return;
+    }
+
     dev->next = icd_term->logical_device_list;
     icd_term->logical_device_list = dev;
 }