| Message ID | 1432721046-4418-5-git-send-email-fziglio@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 27 May 2015 at 20:03, Frediano Ziglio <fziglio@redhat.com> wrote: > Is we are not able to get source bo object from handle we free > destination bo object and call cleanup code however destination > object was already inserted in reloc_info array (num_relocs was > already incremented) so on cleanup we free destination again. > > Signed-off-by: Frediano Ziglio <fziglio@redhat.com> Reviewed-by: Dave Airlie <airlied@redhat.com>
diff --git a/qxl/qxl_ioctl.c b/qxl/qxl_ioctl.c index 230ab84..85b3808 100644 --- a/qxl/qxl_ioctl.c +++ b/qxl/qxl_ioctl.c @@ -240,8 +240,6 @@ static int qxl_process_single_command(struct qxl_device *qdev, qxlhw_handle_to_bo(qdev, file_priv, reloc.src_handle, release); if (!reloc_info[i].src_bo) { - if (reloc_info[i].dst_bo != cmd_bo) - drm_gem_object_unreference_unlocked(&reloc_info[i].dst_bo->gem_base); ret = -EINVAL; goto out_free_bos; }
Is we are not able to get source bo object from handle we free destination bo object and call cleanup code however destination object was already inserted in reloc_info array (num_relocs was already incremented) so on cleanup we free destination again. Signed-off-by: Frediano Ziglio <fziglio@redhat.com> --- qxl/qxl_ioctl.c | 2 -- 1 file changed, 2 deletions(-)