From: Francisco Jerez <currojerez@riseup.net>
Date: Mon, 14 Nov 2011 23:38:15 +0000 (+0100)
Subject: nv50/ir: Fix memory corruption in Function::orderInstructions().
X-Git-Tag: 062012170305~823
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=18294844584f1a64454593c056148201c4d79ef7;p=profile%2Fivi%2Fmesa.git

nv50/ir: Fix memory corruption in Function::orderInstructions().

"iter" doesn't reference a BasicBlock directly, but a Node::Graph,
i.e. BasicBlock::get() is casting to the wrong pointer type.
---

diff --git a/src/gallium/drivers/nv50/codegen/nv50_ir_bb.cpp b/src/gallium/drivers/nv50/codegen/nv50_ir_bb.cpp
index aafc7cb..c1c8278 100644
--- a/src/gallium/drivers/nv50/codegen/nv50_ir_bb.cpp
+++ b/src/gallium/drivers/nv50/codegen/nv50_ir_bb.cpp
@@ -323,10 +323,14 @@ unsigned int
 Function::orderInstructions(ArrayList &result)
 {
    Iterator *iter;
-   for (iter = cfg.iteratorCFG(); !iter->end(); iter->next())
-      for (Instruction *insn = BasicBlock::get(*iter)->getFirst();
-           insn; insn = insn->next)
+   for (iter = cfg.iteratorCFG(); !iter->end(); iter->next()) {
+      BasicBlock *bb =
+         BasicBlock::get(reinterpret_cast<Graph::Node *>(iter->get()));
+
+      for (Instruction *insn = bb->getFirst(); insn; insn = insn->next)
          result.insert(insn, insn->serial);
+   }
+
    cfg.putIterator(iter);
    return result.getSize();
 }