From 43596e5f343e6f6dc9a81e36701324f79390cff3 Mon Sep 17 00:00:00 2001 From: Lionel Landwerlin Date: Wed, 8 May 2019 11:39:09 +0100 Subject: [PATCH] anv: fix use after free Once mem->bo is removed from the cache, it is likely to be freed. Signed-off-by: Lionel Landwerlin Fixes: b80930a6fea075 ("anv: add support for VK_EXT_memory_budget") Reviewed-by: Eric Engestrom --- src/intel/vulkan/anv_device.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/intel/vulkan/anv_device.c b/src/intel/vulkan/anv_device.c index d74116bd9c9..e9f90604924 100644 --- a/src/intel/vulkan/anv_device.c +++ b/src/intel/vulkan/anv_device.c @@ -2995,6 +2995,9 @@ void anv_FreeMemory( if (mem->map) anv_UnmapMemory(_device, _mem); + p_atomic_add(&pdevice->memory.heaps[mem->type->heapIndex].used, + -mem->bo->size); + anv_bo_cache_release(device, &device->bo_cache, mem->bo); #if defined(ANDROID) && ANDROID_API_LEVEL >= 26 @@ -3002,9 +3005,6 @@ void anv_FreeMemory( AHardwareBuffer_release(mem->ahw); #endif - p_atomic_add(&pdevice->memory.heaps[mem->type->heapIndex].used, - -mem->bo->size); - vk_free2(&device->alloc, pAllocator, mem); } -- 2.30.2