From 18294844584f1a64454593c056148201c4d79ef7 Mon Sep 17 00:00:00 2001
From: Francisco Jerez
Date: Tue, 15 Nov 2011 00:38:15 +0100
Subject: [PATCH] nv50/ir: Fix memory corruption in Function::orderInstructions().

"iter" doesn't reference a BasicBlock directly, but a Node::Graph, i.e. BasicBlock::get() is casting to the wrong pointer type.
---
 src/gallium/drivers/nv50/codegen/nv50_ir_bb.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/gallium/drivers/nv50/codegen/nv50_ir_bb.cpp b/src/gallium/drivers/nv50/codegen/nv50_ir_bb.cpp
index aafc7cb..c1c8278 100644
--- a/src/gallium/drivers/nv50/codegen/nv50_ir_bb.cpp
+++ b/src/gallium/drivers/nv50/codegen/nv50_ir_bb.cpp
@@ -323,10 +323,14 @@ unsigned int
 Function::orderInstructions(ArrayList &result)
 {
 Iterator *iter;
- for (iter = cfg.iteratorCFG(); !iter->end(); iter->next())
- for (Instruction *insn = BasicBlock::get(*iter)->getFirst();
- insn; insn = insn->next)
+ for (iter = cfg.iteratorCFG(); !iter->end(); iter->next()) {
+ BasicBlock *bb =
+ BasicBlock::get(reinterpret_cast(iter->get()));
+
+ for (Instruction *insn = bb->getFirst(); insn; insn = insn->next)
 result.insert(insn, insn->serial);
+ }
+
 cfg.putIterator(iter);
 return result.getSize();
 }
-- 
2.7.4
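Review bot: The `reinterpret_cast` on `iter->get()` in the new loop body is still an unchecked conversion, the same class of mistake this patch fixes; its target type is not visible on this page, and if `get()` returns `void *` (not shown here) a `static_cast` to the node pointer type would be the narrower choice. `bb` is dereferenced by `bb->getFirst()` without a check, so an `assert(bb);` before the inner loop would catch a node with no attached block in debug builds. Only this call site is changed; any other use of `BasicBlock::get()` on a CFG iterator outside the hunk would carry the same wrong-type cast and is worth auditing. A one-line comment such as `// CFG iterators yield graph nodes; map the node to its BasicBlock` would document why the extra step is needed. The function's return-type line sits just above the hunk.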