From 27496af67f1a15a3a9aa5d5e09d43d9365101f71 Mon Sep 17 00:00:00 2001 From: Brian Paul Date: Fri, 18 Apr 2014 12:20:28 -0600 Subject: [PATCH] st/mesa: fix invalid pointer use in st_texture_get_sampler_view() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The '**used' pointer was pointing into the stObj->sampler_views array. If 'free' was null, we'd realloc that array, thus making the 'used' pointer invalid. This soon led to memory errors. Just change the pointer to be '*used' so it points directly at the pipe_sampler_view. Reviewed-by: Michel Dänzer --- src/mesa/state_tracker/st_texture.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/mesa/state_tracker/st_texture.c b/src/mesa/state_tracker/st_texture.c index f664ef5f140..92035e8016e 100644 --- a/src/mesa/state_tracker/st_texture.c +++ b/src/mesa/state_tracker/st_texture.c @@ -443,7 +443,7 @@ struct pipe_sampler_view ** st_texture_get_sampler_view(struct st_context *st, struct st_texture_object *stObj) { - struct pipe_sampler_view **used = NULL, **free = NULL; + struct pipe_sampler_view *used = NULL, **free = NULL; GLuint i; for (i = 0; i < stObj->num_sampler_views; ++i) { @@ -455,7 +455,7 @@ st_texture_get_sampler_view(struct st_context *st, return sv; /* Wasn't the right one, but remember it as template */ - used = sv; + used = *sv; } else { /* Found a free slot, remember that */ free = sv; @@ -475,7 +475,7 @@ st_texture_get_sampler_view(struct st_context *st, /* Add just any sampler view to be used as a template */ if (used) - pipe_sampler_view_reference(free, *used); + pipe_sampler_view_reference(free, used); return free; } -- 2.30.2