From d88a75182d5fccb956fbfccddf627aa1831465be Mon Sep 17 00:00:00 2001
From: Eric Anholt
Date: Mon, 18 Sep 2017 14:52:32 -0700
Subject: [PATCH] broadcom/vc4: Fix use-after-free for flushing when writing to a texture. I was trying to continue the hash table loop, not the inner loop. This tended to work out, because we would have *just* freed the job struct. Fixes some valgrind failures in fbo-depthtex. Fixes: f597ac396640 ("vc4: Implement job shuffling")
---
 src/gallium/drivers/vc4/vc4_job.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/gallium/drivers/vc4/vc4_job.c b/src/gallium/drivers/vc4/vc4_job.c
index 1dab4bedd32..6a1d1a4cebf 100644
--- a/src/gallium/drivers/vc4/vc4_job.c
+++ b/src/gallium/drivers/vc4/vc4_job.c
@@ -118,12 +118,17 @@ vc4_flush_jobs_reading_resource(struct vc4_context *vc4,
 struct vc4_job *job = entry->data;
 struct vc4_bo **referenced_bos = job->bo_pointers.base;
+ bool found = false;
 for (int i = 0; i < cl_offset(&job->bo_handles) / 4; i++) {
 if (referenced_bos[i] == rsc->bo) {
- vc4_job_submit(vc4, job);
- continue;
+ found = true;
+ break;
 }
 }
+ if (found) {
+ vc4_job_submit(vc4, job);
+ continue;
+ }
 /* Also check for the Z/color buffers, since the references to
 * those are only added immediately before submit.
-- 
2.30.2
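Review bot: The new `if (found)` block carries a lifetime rule that the code itself never states: per the commit message `vc4_job_submit()` frees the job, so neither `job` nor `referenced_bos` may be read after it, and the `continue` has to bind to the hash-table loop. Without a comment, a later cleanup that folds the submit back into the `for` loop would quietly reintroduce the use-after-free. I would add above `if (found)` something like `/* vc4_job_submit() frees the job: finish scanning its BO list first, then submit and move on to the next hash table entry. */`. The enclosing hash-table loop starts and ends outside this hunk, so it is also worth confirming that its iteration tolerates the current entry being removed during the submit, and that the Z/color-buffer check which follows does not touch `job` after submitting either.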