On Mon, Jan 16, 2017 at 1:13 AM, Topi Pohjolainen <
topi.pohjolai...@gmail.com> wrote:

> There is the exact same check earlier in brw_miptree_layout() which
> intel_miptree_create_layout() in turn calls unconditionally.
>
> Signed-off-by: Topi Pohjolainen <topi.pohjolai...@intel.com>
> ---
>  src/mesa/drivers/dri/i965/intel_mipmap_tree.c | 7 +------
>  1 file changed, 1 insertion(+), 6 deletions(-)
>
> diff --git a/src/mesa/drivers/dri/i965/intel_mipmap_tree.c
> b/src/mesa/drivers/dri/i965/intel_mipmap_tree.c
> index 25f8f39..9488bec 100644
> --- a/src/mesa/drivers/dri/i965/intel_mipmap_tree.c
> +++ b/src/mesa/drivers/dri/i965/intel_mipmap_tree.c
> @@ -628,13 +628,8 @@ miptree_create(struct brw_context *brw,
>                                      first_level, last_level, width0,
>                                      height0, depth0, num_samples,
>                                      layout_flags);
> -   /*
> -    * pitch == 0 || height == 0  indicates the null texture
> -    */
> -   if (!mt || !mt->total_width || !mt->total_height) {
> -      intel_miptree_release(&mt);
> +   if (!mt)
>        return NULL;
>

Ugh... Not quite.  More miptree nastiness!  Looking through the code,
brw_miptree_layout does do this check and unrefs the miptree but has no way
of indicating to higher levels that it has unref'd the miptree!  In other
words, if that ever happens, the aux_disable lines at the end of
intel_miptree_create_layout will read/write freed memory and
intel_miptree_create_layout will return a valid-looking (but freed) pointer.


> -   }
>
>     if (mt->tiling == (I915_TILING_Y | I915_TILING_X))
>        mt->tiling = I915_TILING_Y;
> --
> 2.5.5
>
> _______________________________________________
> mesa-dev mailing list
> mesa-dev@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/mesa-dev
>
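The failure mode described in the reply above, reduced to a stand-alone C sketch, with one possible way to close it. This is an added example, not Mesa code: `struct tree`, `tree_release()`, `layout_buggy()`, `layout_checked()` and `create_layout()` are hypothetical stand-ins for the miptree functions named in the thread.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-in for a reference-counted miptree. */
struct tree {
   int refcount;
   unsigned total_width, total_height;
   bool aux_disabled;
};

static void tree_release(struct tree **t)
{
   if (*t && --(*t)->refcount == 0)
      free(*t);
   *t = NULL; /* the pointer handed in can never dangle */
}

/* Buggy shape (shown for contrast, never called): the pointer arrives by
 * value, so releasing a zero-sized tree clears only the local copy and the
 * caller keeps a stale address with no way to learn about the free. */
void layout_buggy(struct tree *t)
{
   if (!t->total_width || !t->total_height)
      tree_release(&t);
}

/* Hardened shape: release through the caller's pointer and report failure. */
static bool layout_checked(struct tree **t)
{
   if (!(*t)->total_width || !(*t)->total_height) {
      tree_release(t);
      return false;
   }
   return true;
}

struct tree *create_layout(unsigned width, unsigned height)
{
   struct tree *t = calloc(1, sizeof(*t));
   if (!t)
      return NULL;
   t->refcount = 1;
   t->total_width = width;
   t->total_height = height;
   if (!layout_checked(&t))
      return NULL;         /* stop before the write below */
   t->aux_disabled = true; /* after layout_buggy() this would hit freed memory */
   return t;
}
```

Once the layout step reports failure this way, a caller needs only a NULL check on the returned pointer.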