From 06713a40798d97aa520b119731418ff16a92e4ba Mon Sep 17 00:00:00 2001
From: Daniel Vetter
Date: Fri, 11 Mar 2011 23:20:44 +0100
Subject: [PATCH] i915g: fix use after free

Pipe templates should be copied if still needed after the create call completes.

Signed-off-by: Daniel Vetter
---
 src/gallium/drivers/i915/i915_context.h | 2 +-
 src/gallium/drivers/i915/i915_state.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/gallium/drivers/i915/i915_context.h b/src/gallium/drivers/i915/i915_context.h
index 96abaf3f23a..62becbcccbf 100644
--- a/src/gallium/drivers/i915/i915_context.h
+++ b/src/gallium/drivers/i915/i915_context.h
@@ -188,7 +188,7 @@ struct i915_rasterizer_state {
 unsigned LIS7;
 unsigned sc[1];
- const struct pipe_rasterizer_state *templ;
+ struct pipe_rasterizer_state templ;
 union { float f; unsigned u; } ds[2];
 };
diff --git a/src/gallium/drivers/i915/i915_state.c b/src/gallium/drivers/i915/i915_state.c
index a694649c417..4d134c1e163 100644
--- a/src/gallium/drivers/i915/i915_state.c
+++ b/src/gallium/drivers/i915/i915_state.c
@@ -688,7 +688,7 @@ i915_create_rasterizer_state(struct pipe_context *pipe,
 {
 struct i915_rasterizer_state *cso = CALLOC_STRUCT( i915_rasterizer_state );
- cso->templ = rasterizer;
+ cso->templ = *rasterizer;
 cso->color_interp = rasterizer->flatshade ? INTERP_CONSTANT : INTERP_LINEAR;
 cso->light_twoside = rasterizer->light_twoside;
 cso->ds[0].u = _3DSTATE_DEPTH_OFFSET_SCALE;
@@ -759,7 +759,7 @@ static void i915_bind_rasterizer_state( struct pipe_context *pipe,
 /* pass-through to draw module */
 draw_set_rasterizer_state(i915->draw,
- (i915->rasterizer ? i915->rasterizer->templ : NULL),
+ (i915->rasterizer ? &(i915->rasterizer->templ) : NULL),
 raster);
 i915->dirty |= I915_NEW_RASTERIZER;
-- 
2.30.2
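Review bot: The new `struct pipe_rasterizer_state templ;` member in `struct i915_rasterizer_state` has no comment recording that it is now an owned copy rather than a borrowed pointer. A short comment such as `/* owned copy; the template passed to create is not guaranteed to outlive the call */` would keep a later cleanup from turning it back into a pointer and reintroducing the use after free. The commit message speaks of pipe templates in general, so other CSO structs in this header that keep a `const struct pipe_*_state *` may deserve the same check; none are visible in this hunk.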
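Review bot: `cso->templ = *rasterizer;` in `i915_create_rasterizer_state` writes through `cso` directly after `CALLOC_STRUCT( i915_rasterizer_state )`, and the hunk shows no NULL check between the allocation and this first store. On allocation failure the struct copy becomes a NULL-pointer write; `if (!cso) return NULL;` ahead of the copy would close that, assuming callers already treat a NULL CSO as a failed create. The function's signature and the rest of its body are outside the hunk.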
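Review bot: The pointer passed to `draw_set_rasterizer_state` in `i915_bind_rasterizer_state` now points into the CSO itself (`&(i915->rasterizer->templ)`), so it becomes invalid as soon as that CSO is freed. If the draw module keeps the pointer rather than copying the state, which this hunk does not show, the delete path has to make sure a bound rasterizer is unbound from draw before its memory is released. A comment here such as `/* templ lives in the cso; valid until the rasterizer state is deleted */` would document that lifetime. The function body starts and ends outside the hunk.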