From 68a097596efdf314ec60487a1761cac789ae2367 Mon Sep 17 00:00:00 2001 From: Brian Paul Date: Thu, 24 Jan 2013 14:44:09 -0700 Subject: [PATCH] util: add some defensive coding in u_upload_alloc() Some callers of this function were checking the 'ptr' result to see if the function failed. But the correct way is to check the regular return value for PIPE_ERROR_x. Now we initialize all the returned values at the top of the function in case we do hit an error (like OOM). Callers are more likely to detect OOM conditions now. But there are some callers which don't do any error checking... Note: This is a candidate for the 9.0 branch. Reviewed-by: Jose Fonseca --- src/gallium/auxiliary/util/u_upload_mgr.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/gallium/auxiliary/util/u_upload_mgr.c b/src/gallium/auxiliary/util/u_upload_mgr.c index ee1c6881ef2..47d39af67aa 100644 --- a/src/gallium/auxiliary/util/u_upload_mgr.c +++ b/src/gallium/auxiliary/util/u_upload_mgr.c @@ -163,6 +163,13 @@ enum pipe_error u_upload_alloc( struct u_upload_mgr *upload, unsigned alloc_offset = align(min_out_offset, upload->alignment); unsigned offset; + /* Init these return values here in case we fail below to make + * sure the caller doesn't get garbage values. + */ + *out_offset = ~0; + *outbuf = NULL; + *ptr = NULL; + /* Make sure we have enough space in the upload buffer * for the sub-allocation. */ if (MAX2(upload->offset, alloc_offset) + alloc_size > upload->size) { @@ -183,7 +190,6 @@ enum pipe_error u_upload_alloc( struct u_upload_mgr *upload, &upload->transfer); if (!upload->map) { pipe_resource_reference(outbuf, NULL); - *ptr = NULL; upload->transfer = NULL; return PIPE_ERROR_OUT_OF_MEMORY; } -- 2.30.2