projects / mesa.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f876346) | patch
nv50,nvc0: fix use-after-free when vertex buffers are unbound
authorPatrick Rudolph <siro@das-labor.org>
Sun, 6 Dec 2015 09:11:59 +0000 (10:11 +0100)
committerIlia Mirkin <imirkin@alum.mit.edu>
Wed, 9 Dec 2015 18:38:15 +0000 (13:38 -0500)
commit432a798cf5c7fab18a3e32d4073840df7d0d37cb
tree5ded13131ba026f0fec46020846fa5b4579a80fftree
parentf876346cdd2e5d0357ed260eec642beaaa389948commit | diff
nv50,nvc0: fix use-after-free when vertex buffers are unbound

Always reset the vertex bufctx to make sure there's no pointer to
an already freed pipe_resource left after unbinding buffers.
Fixes use after free crash in nvc0_bufctx_fence().

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=93004
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
[imirkin: simplify nvc0 fix, apply to nv50]
Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
Cc: "11.0 11.1" <mesa-stable@lists.freedesktop.org>
src/gallium/drivers/nouveau/nv50/nv50_state.c diff | blob | history
src/gallium/drivers/nouveau/nvc0/nvc0_state.c diff | blob | history