From: Michel Dänzer <michel.daen...@amd.com> If info->nr_samplers > ctx->nr_fragment_samplers_saved, the assignment would prevent cso_single_sampler_done from unbinding the no longer used samplers from the driver, which could result in use-after-free. This is probably unlikely to happen in practice though.
Cc: "12.0 13.0" <mesa-sta...@lists.freedesktop.org> Signed-off-by: Michel Dänzer <michel.daen...@amd.com> --- src/gallium/auxiliary/cso_cache/cso_context.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/gallium/auxiliary/cso_cache/cso_context.c b/src/gallium/auxiliary/cso_cache/cso_context.c index 127e0711c2..2ee87f9184 100644 --- a/src/gallium/auxiliary/cso_cache/cso_context.c +++ b/src/gallium/auxiliary/cso_cache/cso_context.c @@ -1275,7 +1275,6 @@ cso_restore_fragment_samplers(struct cso_context *ctx) { struct sampler_info *info = &ctx->samplers[PIPE_SHADER_FRAGMENT]; - info->nr_samplers = ctx->nr_fragment_samplers_saved; memcpy(info->samplers, ctx->fragment_samplers_saved, sizeof(info->samplers)); cso_single_sampler_done(ctx, PIPE_SHADER_FRAGMENT); -- 2.11.0 _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/mesa-dev