Good catch! Reviewed-by: Lionel Landwerlin <[email protected]>
On 27/12/17 20:58, Jason Ekstrand wrote:
We were walking the sections, printing the batches, and then freeing them in one pass. If the batch happens to reference any earlier sections (which it almost certainly will since it's at the end), we will access freed memory. --- src/intel/tools/aubinator_error_decode.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/intel/tools/aubinator_error_decode.c b/src/intel/tools/aubinator_error_decode.c index f0c5b5b..5f5b6af 100644 --- a/src/intel/tools/aubinator_error_decode.c +++ b/src/intel/tools/aubinator_error_decode.c @@ -523,12 +523,14 @@ read_data_file(FILE *file) gen_print_batch(&batch_ctx, sections[s].data, sections[s].count, sections[s].gtt_offset); } + } + + gen_batch_decode_ctx_finish(&batch_ctx);+ for (int s = 0; s < sect_num; s++) {free(sections[s].ring_name); free(sections[s].data); } - - gen_batch_decode_ctx_finish(&batch_ctx); }static void
_______________________________________________ mesa-dev mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/mesa-dev
