We were walking the sections, printing the batches, and then freeing
them in one pass.  If the batch happens to reference any earlier
sections (which it almost certainly will since it's at the end), we will
access freed memory.
---
 src/intel/tools/aubinator_error_decode.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/intel/tools/aubinator_error_decode.c 
b/src/intel/tools/aubinator_error_decode.c
index f0c5b5b..5f5b6af 100644
--- a/src/intel/tools/aubinator_error_decode.c
+++ b/src/intel/tools/aubinator_error_decode.c
@@ -523,12 +523,14 @@ read_data_file(FILE *file)
          gen_print_batch(&batch_ctx, sections[s].data, sections[s].count,
                          sections[s].gtt_offset);
       }
+   }
+
+   gen_batch_decode_ctx_finish(&batch_ctx);
 
+   for (int s = 0; s < sect_num; s++) {
       free(sections[s].ring_name);
       free(sections[s].data);
    }
-
-   gen_batch_decode_ctx_finish(&batch_ctx);
 }
 
 static void
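Review bot: The new second loop over `sections` in read_data_file carries no comment explaining why freeing is now separate from printing, so a later tidy-up could merge the two loops again and bring back the use-after-free described in the commit message. I would add, directly above `for (int s = 0; s < sect_num; s++) {`, a comment such as `/* Free only after every batch has been printed: a batch may reference data held by other sections. */`. Moving `gen_batch_decode_ctx_finish(&batch_ctx)` ahead of the frees looks right if the decode context can still hold pointers into section data, but that is not visible in this hunk and is worth confirming. The body of read_data_file starts outside the hunk.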
-- 
2.5.0.400.gff86faf
