projects / mesa.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 63faf7d)
gbm: fix potential NULL deref of mapImage/unmapImage.
authorChuanbo Weng <chuanbo.weng@intel.com>
Tue, 6 Sep 2016 09:28:43 +0000 (17:28 +0800)
committerEmil Velikov <emil.l.velikov@gmail.com>
Mon, 12 Sep 2016 15:52:55 +0000 (16:52 +0100)
The mapImage/unmapImage functions of DRIimage extension can be NULL,
so we should add additional check for them.

Cc: <mesa-stable@lists.freedesktop.org>
Signed-off-by: Chuanbo Weng <chuanbo.weng@intel.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
src/gbm/backends/dri/gbm_dri.c patch | blob | history

diff --git a/src/gbm/backends/dri/gbm_dri.c b/src/gbm/backends/dri/gbm_dri.c
index c1f9d62d36686c744f447d44b5584ba682773d18..0ab67dad21000d385fe62f68c0116aa086e83cd5 100644 (file)
--- a/src/gbm/backends/dri/gbm_dri.c
+++ b/src/gbm/backends/dri/gbm_dri.c
@@ -949,7 +949,7 @@ gbm_dri_bo_map(struct gbm_bo *_bo,
       return *map_data;
    }
 
-   if (!dri->image || dri->image->base.version < 12) {
+   if (!dri->image || dri->image->base.version < 12 || !dri->image->mapImage) {
       errno = ENOSYS;
       return NULL;
    }
@@ -980,7 +980,8 @@ gbm_dri_bo_unmap(struct gbm_bo *_bo, void *map_data)
       return;
    }
 
-   if (!dri->context || !dri->image || dri->image->base.version < 12)
+   if (!dri->context || !dri->image ||
+       dri->image->base.version < 12 || !dri->image->unmapImage)
       return;
 
    dri->image->unmapImage(dri->context, bo->image, map_data);