To fix a pipe_context::surface_destroy() use-after-free problem. We previously added pipe_sampler_view_release() for similar reasons.
Note: this is a candidate for the stable branches. --- src/gallium/auxiliary/util/u_inlines.h | 16 ++++++++++++++++ 1 files changed, 16 insertions(+), 0 deletions(-) diff --git a/src/gallium/auxiliary/util/u_inlines.h b/src/gallium/auxiliary/util/u_inlines.h index 6ef5fec..cb06ee2 100644 --- a/src/gallium/auxiliary/util/u_inlines.h +++ b/src/gallium/auxiliary/util/u_inlines.h @@ -114,6 +114,22 @@ pipe_surface_reference(struct pipe_surface **ptr, struct pipe_surface *surf) *ptr = surf; } +/** + * Similar to pipe_surface_reference() but always set the pointer to NULL + * and pass in an explicit context. The explicit context avoids the problem + * of using a deleted context's surface_destroy() method when freeing a surface + * that's shared by multiple contexts. + */ +static INLINE void +pipe_surface_release(struct pipe_context *pipe, struct pipe_surface **ptr) +{ + if (pipe_reference_described(&(*ptr)->reference, NULL, + (debug_reference_descriptor)debug_describe_surface)) + pipe->surface_destroy(pipe, *ptr); + *ptr = NULL; +} + + static INLINE void pipe_resource_reference(struct pipe_resource **ptr, struct pipe_resource *tex) { -- 1.7.3.4 _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/mesa-dev