diff mbox

[02/12] intel: Validate output of realloc()

Message ID 1427963547-23614-3-git-send-email-praveen.paneri@intel.com (mailing list archive)
State New, archived
Headers show

Commit Message

Praveen Paneri April 2, 2015, 8:32 a.m. UTC 
realloc will return NULL if failed to allocate the extra memory
requested. Return from function if it fails.

Signed-off-by: Praveen Paneri <praveen.paneri@intel.com>
---
 intel/intel_bufmgr_gem.c | 37 ++++++++++++++++++++++++++++---------
 1 file changed, 28 insertions(+), 9 deletions(-)

Comments

Chris Wilson April 2, 2015, 10:07 a.m. UTC | #1 
On Thu, Apr 02, 2015 at 02:02:17PM +0530, Praveen Paneri wrote:
> realloc will return NULL if failed to allocate the extra memory
> requested. Return from function if it fails.

NAK. Silently passing absolute addresses to the GPU to read and write is
not a good idea.
-Chris
diff mbox

Patch

diff --git a/intel/intel_bufmgr_gem.c b/intel/intel_bufmgr_gem.c
index 5a67f53..2f0ced1 100644
--- a/intel/intel_bufmgr_gem.c
+++ b/intel/intel_bufmgr_gem.c
@@ -433,6 +433,8 @@  drm_intel_add_validate_buffer(drm_intel_bo *bo)
 	drm_intel_bufmgr_gem *bufmgr_gem = (drm_intel_bufmgr_gem *) bo->bufmgr;
 	drm_intel_bo_gem *bo_gem = (drm_intel_bo_gem *) bo;
 	int index;
+	struct drm_i915_gem_exec_object *exec_objects;
+	drm_intel_bo **exec_bos;
 
 	if (bo_gem->validate_index != -1)
 		return;
@@ -444,12 +446,20 @@  drm_intel_add_validate_buffer(drm_intel_bo *bo)
 		if (new_size == 0)
 			new_size = 5;
 
-		bufmgr_gem->exec_objects =
-		    realloc(bufmgr_gem->exec_objects,
-			    sizeof(*bufmgr_gem->exec_objects) * new_size);
-		bufmgr_gem->exec_bos =
-		    realloc(bufmgr_gem->exec_bos,
+		exec_objects = realloc(bufmgr_gem->exec_objects,
+				sizeof(*bufmgr_gem->exec_objects) * new_size);
+		if (!exec_objects)
+			return;
+
+		bufmgr_gem->exec_objects = exec_objects;
+
+		exec_bos = realloc(bufmgr_gem->exec_bos,
 			    sizeof(*bufmgr_gem->exec_bos) * new_size);
+		if (!exec_bos)
+			return;
+
+		bufmgr_gem->exec_bos = exec_bos;
+
 		bufmgr_gem->exec_size = new_size;
 	}
 
@@ -471,6 +481,8 @@  drm_intel_add_validate_buffer2(drm_intel_bo *bo, int need_fence)
 	drm_intel_bufmgr_gem *bufmgr_gem = (drm_intel_bufmgr_gem *)bo->bufmgr;
 	drm_intel_bo_gem *bo_gem = (drm_intel_bo_gem *)bo;
 	int index;
+	struct drm_i915_gem_exec_object2 *exec2_objects;
+	drm_intel_bo **exec_bos;
 
 	if (bo_gem->validate_index != -1) {
 		if (need_fence)
@@ -486,12 +498,19 @@  drm_intel_add_validate_buffer2(drm_intel_bo *bo, int need_fence)
 		if (new_size == 0)
 			new_size = 5;
 
-		bufmgr_gem->exec2_objects =
-			realloc(bufmgr_gem->exec2_objects,
+		exec2_objects = realloc(bufmgr_gem->exec2_objects,
 				sizeof(*bufmgr_gem->exec2_objects) * new_size);
-		bufmgr_gem->exec_bos =
-			realloc(bufmgr_gem->exec_bos,
+		if (!exec2_objects)
+			return;
+
+		bufmgr_gem->exec2_objects = exec2_objects;
+
+		exec_bos = realloc(bufmgr_gem->exec_bos,
 				sizeof(*bufmgr_gem->exec_bos) * new_size);
+		if (!exec_bos)
+			return;
+
+		bufmgr_gem->exec_bos = exec_bos;
 		bufmgr_gem->exec_size = new_size;
 	}