projects / platform / upstream / mesa.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f4f350a)
draw: fix double free of NIR IR
authorCharmaine Lee <charmainel@vmware.com>
Wed, 27 Apr 2022 01:56:32 +0000 (18:56 -0700)
committerCharmaine Lee <charmainel@vmware.com>
Wed, 27 Apr 2022 21:01:54 +0000 (21:01 +0000)
Check the shader IR type first before freeing the NIR IR in
draw_delete_xxx_shader() in case the IR has been converted to TGSI
and the NIR IR has already been freed.

Reviewed-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Neha Bhende <bhenden@vmware.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/16199>

src/gallium/auxiliary/draw/draw_gs.c patch | blob | history
src/gallium/auxiliary/draw/draw_tess.c patch | blob | history

diff --git a/src/gallium/auxiliary/draw/draw_gs.c b/src/gallium/auxiliary/draw/draw_gs.c
index 1c96904..66e10b0 100644 (file)
--- a/src/gallium/auxiliary/draw/draw_gs.c
+++ b/src/gallium/auxiliary/draw/draw_gs.c
@@ -960,7 +960,7 @@ void draw_delete_geometry_shader(struct draw_context *draw,
    for (i = 0; i < TGSI_MAX_VERTEX_STREAMS; i++)
       FREE(dgs->stream[i].primitive_lengths);
 
-   if (dgs->state.ir.nir)
+   if (dgs->state.type == PIPE_SHADER_IR_NIR && dgs->state.ir.nir)
       ralloc_free(dgs->state.ir.nir);
    FREE((void*) dgs->state.tokens);
    FREE(dgs);
diff --git a/src/gallium/auxiliary/draw/draw_tess.c b/src/gallium/auxiliary/draw/draw_tess.c
index 9658e6f..f42cd57 100644 (file)
--- a/src/gallium/auxiliary/draw/draw_tess.c
+++ b/src/gallium/auxiliary/draw/draw_tess.c
@@ -501,7 +501,7 @@ void draw_delete_tess_ctrl_shader(struct draw_context *draw,
    }
 #endif
 
-   if (dtcs->state.ir.nir)
+   if (dtcs->state.type == PIPE_SHADER_IR_NIR && dtcs->state.ir.nir)
       ralloc_free(dtcs->state.ir.nir);
    FREE(dtcs);
 }
@@ -626,7 +626,7 @@ void draw_delete_tess_eval_shader(struct draw_context *draw,
       align_free(dtes->tes_input);
    }
 #endif
-   if (dtes->state.ir.nir)
+   if (dtes->state.type == PIPE_SHADER_IR_NIR && dtes->state.ir.nir)
       ralloc_free(dtes->state.ir.nir);
    FREE(dtes);
 }
Domain: Graphics System / GL;