swapchain: Fixed invalid memory overwrite issue related to oldSwapchain.

 - If oldswapchain of newly created swapchain that has already been destroyed
  is not initialized with VK_NULL_HANDLE, the invalid memory overwrite problem occurs.

Change-Id: Ibe005cb3c838072b567b50843ee47aa3ec887d78
Signed-off-by: Joonbum Ko <joonbum.ko@samsung.com>

diff --git a/src/wsi/swapchain.c b/src/wsi/swapchain.c
index 6515dc6..91aacde 100644 (file)
--- a/src/wsi/swapchain.c
+++ b/src/wsi/swapchain.c
@@ -129,6 +129,10 @@ vk_CreateSwapchainKHR(VkDevice                                                      device,
        chain->surface = info->surface;
        chain->buffers = NULL;
        chain->oldSwapchain = (vk_swapchain_t *)(uintptr_t)info->oldSwapchain;
+       if (chain->oldSwapchain != VK_NULL_HANDLE)
+               chain->oldSwapchain->newSwapchain = chain;
+
+       chain->newSwapchain = VK_NULL_HANDLE;
        chain->is_retired = VK_FALSE;
 
        format = get_tbm_format(info->imageFormat, info->compositeAlpha);
@@ -249,6 +253,12 @@ vk_DestroySwapchainKHR(VkDevice                                             device,
                        }
                }
 
+               if (chain->newSwapchain != VK_NULL_HANDLE &&
+                       chain->newSwapchain->oldSwapchain != VK_NULL_HANDLE) {
+                       chain->newSwapchain->oldSwapchain = VK_NULL_HANDLE;
+                       chain->newSwapchain = VK_NULL_HANDLE;
+               }
+
                chain->deinit(device, chain);
                vk_free(allocator, chain->buffers);
                vk_free(allocator, chain);

diff --git a/src/wsi/wsi.h b/src/wsi/wsi.h
index 67c22b6..20a7853 100644 (file)
--- a/src/wsi/wsi.h
+++ b/src/wsi/wsi.h
@@ -149,6 +149,7 @@ struct vk_swapchain {
        vk_buffer_t                             *buffers;
 
        vk_swapchain_t                  *oldSwapchain;
+       vk_swapchain_t                  *newSwapchain;
        vk_bool_t                               is_retired;
 
        void *backend_data;