diff mbox series

[i-g-t,3/3] tests/amdgpu/amdgpu_command_submission: fix uaf

Message ID 20220628131318.197965-3-matthew.auld@intel.com (mailing list archive)
State New, archived
Headers show
Series [i-g-t,1/3] lib/igt_device_scan: fix dangling pointer | expand

Commit Message

Matthew Auld June 28, 2022, 1:13 p.m. UTC 
../lib/amdgpu/amd_command_submission.c: In function ‘amdgpu_command_submission_write_linear_helper’:
../lib/amdgpu/amd_command_submission.c:201:13: warning: pointer ‘ring_context’ used after ‘free’ [-Wuse-after-free]
  201 |         r = amdgpu_cs_ctx_free(ring_context->context_handle);
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/amdgpu/amd_command_submission.c:199:9: note: call to ‘free’ here
  199 |         free(ring_context);
      |         ^~~~~~~~~~~~~~~~~~

Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Petri Latvala <petri.latvala@intel.com>
---
 lib/amdgpu/amd_command_submission.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Gwan-gyeong Mun June 29, 2022, 8:55 a.m. UTC | #1 
Looks good to me.

Reviewed-by: Gwan-gyeong Mun <gwan-gyeong.mun@intel.com>


On 6/28/22 4:13 PM, Matthew Auld wrote:
> ../lib/amdgpu/amd_command_submission.c: In function ‘amdgpu_command_submission_write_linear_helper’:
> ../lib/amdgpu/amd_command_submission.c:201:13: warning: pointer ‘ring_context’ used after ‘free’ [-Wuse-after-free]
>    201 |         r = amdgpu_cs_ctx_free(ring_context->context_handle);
>        |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ../lib/amdgpu/amd_command_submission.c:199:9: note: call to ‘free’ here
>    199 |         free(ring_context);
>        |         ^~~~~~~~~~~~~~~~~~
> 
> Signed-off-by: Matthew Auld <matthew.auld@intel.com>
> Cc: Petri Latvala <petri.latvala@intel.com>
> ---
>   lib/amdgpu/amd_command_submission.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/amdgpu/amd_command_submission.c b/lib/amdgpu/amd_command_submission.c
> index 4dc4df95..16939653 100644
> --- a/lib/amdgpu/amd_command_submission.c
> +++ b/lib/amdgpu/amd_command_submission.c
> @@ -196,10 +196,10 @@ void amdgpu_command_submission_write_linear_helper(amdgpu_device_handle device,
>   	}
>   	/* clean resources */
>   	free(ring_context->pm4);
> -	free(ring_context);
>   	/* end of test */
>   	r = amdgpu_cs_ctx_free(ring_context->context_handle);
>   	igt_assert_eq(r, 0);
> +	free(ring_context);
>   }
>   
>   
>
diff mbox series

Patch

diff --git a/lib/amdgpu/amd_command_submission.c b/lib/amdgpu/amd_command_submission.c
index 4dc4df95..16939653 100644
--- a/lib/amdgpu/amd_command_submission.c
+++ b/lib/amdgpu/amd_command_submission.c
@@ -196,10 +196,10 @@  void amdgpu_command_submission_write_linear_helper(amdgpu_device_handle device,
 	}
 	/* clean resources */
 	free(ring_context->pm4);
-	free(ring_context);
 	/* end of test */
 	r = amdgpu_cs_ctx_free(ring_context->context_handle);
 	igt_assert_eq(r, 0);
+	free(ring_context);
 }