projects / mesa.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2eafd07)
nouveau: Fix bugs in nouveau_video_buffer
authorMaarten Lankhorst <m.b.lankhorst@gmail.com>
Mon, 19 Dec 2011 09:06:58 +0000 (10:06 +0100)
committerChristoph Bumiller <e0425955@student.tuwien.ac.at>
Fri, 23 Dec 2011 15:21:25 +0000 (16:21 +0100)
Double free and array overflow, even if only 2 members are
used the last one needs to be set to NULL explicitly.

Signed-off-by: Maarten Lankhorst <m.b.lankhorst@gmail.com
src/gallium/drivers/nouveau/nouveau_video.c patch | blob | history
src/gallium/drivers/nouveau/nouveau_video.h patch | blob | history

diff --git a/src/gallium/drivers/nouveau/nouveau_video.c b/src/gallium/drivers/nouveau/nouveau_video.c
index 162e1aa89a6a26136135e0c35f523211d076ab36..a442537c3206bfe631dcf7e8a4765c983b103ff5 100644 (file)
--- a/src/gallium/drivers/nouveau/nouveau_video.c
+++ b/src/gallium/drivers/nouveau/nouveau_video.c
@@ -835,7 +835,6 @@ nouveau_video_buffer_create(struct pipe_context *pipe,
 
 error:
    nouveau_video_buffer_destroy(&buffer->base);
-   FREE(buffer);
    return NULL;
 }
 
diff --git a/src/gallium/drivers/nouveau/nouveau_video.h b/src/gallium/drivers/nouveau/nouveau_video.h
index c6875c39a04152dc1337178ec8b36e4956536915..22593ff9bbc9210ec8f407d9e27634ac8b83a7a8 100644 (file)
--- a/src/gallium/drivers/nouveau/nouveau_video.h
+++ b/src/gallium/drivers/nouveau/nouveau_video.h
@@ -7,10 +7,10 @@
 struct nouveau_video_buffer {
    struct pipe_video_buffer base;
    unsigned num_planes;
-   struct pipe_resource     *resources[2];
-   struct pipe_sampler_view *sampler_view_planes[2];
+   struct pipe_resource     *resources[3];
+   struct pipe_sampler_view *sampler_view_planes[3];
    struct pipe_sampler_view *sampler_view_components[3];
-   struct pipe_surface      *surfaces[2];
+   struct pipe_surface      *surfaces[3];
 };
 
 struct nouveau_decoder {