[PATCH] Fix SIGSEGV in libdrm for heigth = 0 and width = 0 - dri-devel - freedesktop.org experimental mailing list

7 Nov 2014

drm_intel_gem_bo_free() crashes because the list bo_gem->vma_list is not
yet initialised, but the error path tries to free it.
See also https://bugs.freedesktop.org/show_bug.cgi?id=75844
Reviewed-by: Chris Wilson chris@chris-wilson.co.uk
Signed-off-by: Thomas Meyer thomas@m3y3r.de
---

diff --git a/intel/intel_bufmgr_gem.c b/intel/intel_bufmgr_gem.c
index f2f4fea..b3e9dba 100644
--- a/intel/intel_bufmgr_gem.c
+++ b/intel/intel_bufmgr_gem.c
@@ -759,15 +759,16 @@ retry:
    	bo_gem->swizzle_mode = I915_BIT_6_SWIZZLE_NONE;
    	bo_gem->stride = 0;
+		/* drm_intel_gem_bo_free calls DRMLISTDEL() for an uninitialized
+		   list (vma_list), so better set the list head here */
+		DRMINITLISTHEAD(&bo_gem->name_list);
+		DRMINITLISTHEAD(&bo_gem->vma_list);
    	if (drm_intel_gem_bo_set_tiling_internal(&bo_gem->bo,
    						 tiling_mode,
    						 stride)) {
    	    drm_intel_gem_bo_free(&bo_gem->bo);
    	    return NULL;
    	}
-
-		DRMINITLISTHEAD(&bo_gem->name_list);
-		DRMINITLISTHEAD(&bo_gem->vma_list);
    }
bo_gem->name = name;

    