From: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
Date: Wed, 8 May 2019 10:39:09 +0000 (+0100)
Subject: anv: fix use after free
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=43596e5f343e6f6dc9a81e36701324f79390cff3;p=mesa.git

anv: fix use after free

Once mem->bo is removed from the cache, it is likely to be freed.

Signed-off-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
Fixes: b80930a6fea075 ("anv: add support for VK_EXT_memory_budget")
Reviewed-by: Eric Engestrom <eric.engestrom@intel.com>
---

diff --git a/src/intel/vulkan/anv_device.c b/src/intel/vulkan/anv_device.c
index d74116bd9c9..e9f90604924 100644
--- a/src/intel/vulkan/anv_device.c
+++ b/src/intel/vulkan/anv_device.c
@@ -2995,6 +2995,9 @@ void anv_FreeMemory(
    if (mem->map)
       anv_UnmapMemory(_device, _mem);
 
+   p_atomic_add(&pdevice->memory.heaps[mem->type->heapIndex].used,
+                -mem->bo->size);
+
    anv_bo_cache_release(device, &device->bo_cache, mem->bo);
 
 #if defined(ANDROID) && ANDROID_API_LEVEL >= 26
@@ -3002,9 +3005,6 @@ void anv_FreeMemory(
       AHardwareBuffer_release(mem->ahw);
 #endif
 
-   p_atomic_add(&pdevice->memory.heaps[mem->type->heapIndex].used,
-                -mem->bo->size);
-
    vk_free2(&device->alloc, pAllocator, mem);
 }