On 16.12.2016 10:52, Michel Dänzer wrote:
From: Michel Dänzer <[email protected]>
If info->nr_samplers > ctx->nr_fragment_samplers_saved, the assignment
would prevent cso_single_sampler_done from unbinding the no longer used
samplers from the driver, which could result in use-after-free. This is
probably unlikely to happen in practice though.
I'm confused. We never set the entries of info->samplers in the range
[ctx->nr_fragment_samplers_saved, info->nr_samplers) to NULL, so I think
they still aren't unbound despite this patch. Am I missing something?
Nicolai
Cc: "12.0 13.0" <[email protected]>
Signed-off-by: Michel Dänzer <[email protected]>
---
src/gallium/auxiliary/cso_cache/cso_context.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/gallium/auxiliary/cso_cache/cso_context.c
b/src/gallium/auxiliary/cso_cache/cso_context.c
index 127e0711c2..2ee87f9184 100644
--- a/src/gallium/auxiliary/cso_cache/cso_context.c
+++ b/src/gallium/auxiliary/cso_cache/cso_context.c
@@ -1275,7 +1275,6 @@ cso_restore_fragment_samplers(struct cso_context *ctx)
{
struct sampler_info *info = &ctx->samplers[PIPE_SHADER_FRAGMENT];
- info->nr_samplers = ctx->nr_fragment_samplers_saved;
memcpy(info->samplers, ctx->fragment_samplers_saved,
sizeof(info->samplers));
cso_single_sampler_done(ctx, PIPE_SHADER_FRAGMENT);
_______________________________________________
mesa-dev mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/mesa-dev
