projects / mesa.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1a79064)
i915g: fix use after free
authorDaniel Vetter <daniel.vetter@ffwll.ch>
Fri, 11 Mar 2011 22:20:44 +0000 (23:20 +0100)
committerDaniel Vetter <daniel.vetter@ffwll.ch>
Sat, 12 Mar 2011 19:31:30 +0000 (20:31 +0100)
Pipe templates should be copied if still needed after the create
call completes.

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
src/gallium/drivers/i915/i915_context.h patch | blob | history
src/gallium/drivers/i915/i915_state.c patch | blob | history

diff --git a/src/gallium/drivers/i915/i915_context.h b/src/gallium/drivers/i915/i915_context.h
index 96abaf3f23a2f031de0c8c085c171a2d5c87e036..62becbcccbf00b4190d1782954ee0633022daf0c 100644 (file)
--- a/src/gallium/drivers/i915/i915_context.h
+++ b/src/gallium/drivers/i915/i915_context.h
@@ -188,7 +188,7 @@ struct i915_rasterizer_state {
    unsigned LIS7;
    unsigned sc[1];
 
-   const struct pipe_rasterizer_state *templ;
+   struct pipe_rasterizer_state templ;
 
    union { float f; unsigned u; } ds[2];
 };
diff --git a/src/gallium/drivers/i915/i915_state.c b/src/gallium/drivers/i915/i915_state.c
index a694649c417f8047a6a09532aefa88a7999f2a52..4d134c1e163643a4ccc7424ae5c3f54ab94fdc27 100644 (file)
--- a/src/gallium/drivers/i915/i915_state.c
+++ b/src/gallium/drivers/i915/i915_state.c
@@ -688,7 +688,7 @@ i915_create_rasterizer_state(struct pipe_context *pipe,
 {
    struct i915_rasterizer_state *cso = CALLOC_STRUCT( i915_rasterizer_state );
 
-   cso->templ = rasterizer;
+   cso->templ = *rasterizer;
    cso->color_interp = rasterizer->flatshade ? INTERP_CONSTANT : INTERP_LINEAR;
    cso->light_twoside = rasterizer->light_twoside;
    cso->ds[0].u = _3DSTATE_DEPTH_OFFSET_SCALE;
@@ -759,7 +759,7 @@ static void i915_bind_rasterizer_state( struct pipe_context *pipe,
 
    /* pass-through to draw module */
    draw_set_rasterizer_state(i915->draw,
-                           (i915->rasterizer ? i915->rasterizer->templ : NULL),
+                           (i915->rasterizer ? &(i915->rasterizer->templ) : NULL),
                            raster);
 
    i915->dirty |= I915_NEW_RASTERIZER;