From: Xuelian Bai <xuelian.bai@samsung.com>
Date: Mon, 23 May 2022 05:44:12 +0000 (+0800)
Subject: Fix double free issue
X-Git-Tag: submit/tizen/20220810.124903~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8223bc3ea0d4c875d00ce2475e22186fccd1c378;p=platform%2Fupstream%2FVulkan-Loader.git

Fix double free issue

dEQP-VK.api.object_management.alloc_callback_fail.device is crashed on
RPI4, it's caused by double free in icd_term->logical_device_list.
This patch intend to avoid duplicated item in
icd_term->logical_device_list.

Change-Id: Icfd35f8fad70a06a5697d9dc0c0a330f83e08fc6
Signed-off-by: Xuelian Bai <xuelian.bai@samsung.com>
---

diff --git a/loader/loader.c b/loader/loader.c
index b50eb00f..2ca3c26a 100644
--- a/loader/loader.c
+++ b/loader/loader.c
@@ -1225,6 +1225,18 @@ struct loader_device *loader_create_logical_device(const struct loader_instance
 }
 
 void loader_add_logical_device(const struct loader_instance *inst, struct loader_icd_term *icd_term, struct loader_device *dev) {
+    /* Fix double free issue in dEQP-VK.api.object_management.alloc_callback_fail.device   */
+    /* It's possible that when dev is free and reallocated, pointer address is not changed */
+    /* This will lead to duplicated item in one list, then cause double free               */
+    struct loader_device *prev_dev = NULL;
+    prev_dev = icd_term->logical_device_list;
+    while (prev_dev && prev_dev != dev) {
+        prev_dev = prev_dev->next;
+    }
+    if (prev_dev == dev) {
+        return;
+    }
+
     dev->next = icd_term->logical_device_list;
     icd_term->logical_device_list = dev;
 }