Applied. Thanks Haihao
> The calloc function maybe return NULL, it will causing > memory access violation if continue using NULL C structure. > Add assert function to do checking on its. > > bugzilla: > https://bugs.freedesktop.org/show_bug.cgi?id=91699 > > Signed-off-by: Lim Siew Hoon <siew.hoon....@intel.com> > --- > src/gen6_mfc_common.c | 2 ++ > src/gen6_mfd.c | 1 + > src/gen75_mfd.c | 3 +++ > src/gen75_picture_process.c | 1 + > src/gen75_vme.c | 2 ++ > src/gen75_vpp_gpe.c | 1 + > src/gen75_vpp_vebox.c | 1 + > src/gen7_mfd.c | 3 +++ > src/gen7_vme.c | 1 + > src/gen8_mfc.c | 2 +- > src/gen8_vme.c | 1 + > src/gen9_mfc.c | 1 + > src/gen9_mfc_hevc.c | 2 ++ > src/gen9_mfd.c | 1 + > src/gen9_vme.c | 2 ++ > src/i965_avc_bsd.c | 1 + > src/i965_encoder.c | 1 + > src/i965_media.c | 2 ++ > src/i965_media_h264.c | 1 + > src/i965_media_mpeg2.c | 1 + > src/i965_post_processing.c | 1 + > src/intel_batchbuffer.c | 1 + > 22 files changed, 31 insertions(+), 1 deletion(-) > > diff --git a/src/gen6_mfc_common.c b/src/gen6_mfc_common.c > index 53e31de..663d197 100644 > --- a/src/gen6_mfc_common.c > +++ b/src/gen6_mfc_common.c > @@ -650,6 +650,7 @@ VAStatus intel_mfc_avc_prepare(VADriverContextP ctx, > > if ( obj_surface->private_data == NULL) { > gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1); > + assert(gen6_avc_surface); > gen6_avc_surface->dmv_top = > dri_bo_alloc(i965->intel.bufmgr, > "Buffer", > @@ -696,6 +697,7 @@ VAStatus intel_mfc_avc_prepare(VADriverContextP ctx, > if ( obj_surface->private_data == NULL) { > > gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1); > + assert(gen6_avc_surface); > gen6_avc_surface->dmv_top = > dri_bo_alloc(i965->intel.bufmgr, > "Buffer", > diff --git a/src/gen6_mfd.c b/src/gen6_mfd.c > index 2dd05a1..5ab2db0 100755 > --- a/src/gen6_mfd.c > +++ b/src/gen6_mfd.c > @@ -61,6 +61,7 @@ gen6_mfd_init_avc_surface(VADriverContextP ctx, > > if (!gen6_avc_surface) { > gen6_avc_surface = calloc(sizeof(GenAvcSurface), 1); > + assert(gen6_avc_surface); > gen6_avc_surface->base.frame_store_id = -1; > assert((obj_surface->size & 0x3f) == 0); > obj_surface->private_data = gen6_avc_surface; > diff --git a/src/gen75_mfd.c b/src/gen75_mfd.c > index 11cde1f..0acded3 100644 > --- a/src/gen75_mfd.c > +++ b/src/gen75_mfd.c > @@ -67,6 +67,7 @@ gen75_mfd_init_avc_surface(VADriverContextP ctx, > > if (!gen7_avc_surface) { > gen7_avc_surface = calloc(sizeof(GenAvcSurface), 1); > + assert(gen7_avc_surface); > gen7_avc_surface->base.frame_store_id = -1; > assert((obj_surface->size & 0x3f) == 0); > obj_surface->private_data = gen7_avc_surface; > @@ -1511,6 +1512,7 @@ gen75_mfd_init_vc1_surface(VADriverContextP ctx, > > if (!gen7_vc1_surface) { > gen7_vc1_surface = calloc(sizeof(struct gen7_vc1_surface), 1); > + assert(gen7_vc1_surface); > assert((obj_surface->size & 0x3f) == 0); > obj_surface->private_data = gen7_vc1_surface; > } > @@ -3250,6 +3252,7 @@ gen75_dec_hw_context_init(VADriverContextP ctx, struct > object_config *obj_config > struct gen7_mfd_context *gen7_mfd_context = calloc(1, sizeof(struct > gen7_mfd_context)); > int i; > > + assert(gen7_mfd_context); > gen7_mfd_context->base.destroy = gen75_mfd_context_destroy; > gen7_mfd_context->base.run = gen75_mfd_decode_picture; > gen7_mfd_context->base.batch = intel_batchbuffer_new(intel, > I915_EXEC_RENDER, 0); > diff --git a/src/gen75_picture_process.c b/src/gen75_picture_process.c > index cf20ed9..ed50532 100644 > --- a/src/gen75_picture_process.c > +++ b/src/gen75_picture_process.c > @@ -266,6 +266,7 @@ gen75_proc_context_init(VADriverContextP ctx, > struct intel_video_process_context *proc_context > = calloc(1, sizeof(struct intel_video_process_context)); > > + assert(proc_context); > proc_context->base.destroy = gen75_proc_context_destroy; > proc_context->base.run = gen75_proc_picture; > > diff --git a/src/gen75_vme.c b/src/gen75_vme.c > index 576e91a..0b8855d 100644 > --- a/src/gen75_vme.c > +++ b/src/gen75_vme.c > @@ -1037,6 +1037,8 @@ Bool gen75_vme_context_init(VADriverContextP ctx, > struct intel_encoder_context * > > break; > } > + > + assert(vme_context); > vme_context->vme_kernel_sum = i965_kernel_num; > vme_context->gpe_context.surface_state_binding_table.length = > (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6; > > diff --git a/src/gen75_vpp_gpe.c b/src/gen75_vpp_gpe.c > index 52a0e2f..118a544 100644 > --- a/src/gen75_vpp_gpe.c > +++ b/src/gen75_vpp_gpe.c > @@ -871,6 +871,7 @@ vpp_gpe_context_init(VADriverContextP ctx) > { > struct i965_driver_data *i965 = i965_driver_data(ctx); > struct vpp_gpe_context *vpp_gpe_ctx = calloc(1, sizeof(struct > vpp_gpe_context)); > + assert(vpp_gpe_ctx); > struct i965_gpe_context *gpe_ctx = &(vpp_gpe_ctx->gpe_ctx); > > assert(IS_HASWELL(i965->intel.device_info) || > diff --git a/src/gen75_vpp_vebox.c b/src/gen75_vpp_vebox.c > index 7a066f9..06c27f8 100644 > --- a/src/gen75_vpp_vebox.c > +++ b/src/gen75_vpp_vebox.c > @@ -1763,6 +1763,7 @@ struct intel_vebox_context * > gen75_vebox_context_init(VADriverContextP ctx) > struct intel_vebox_context *proc_context = calloc(1, sizeof(struct > intel_vebox_context)); > int i; > > + assert(proc_context); > proc_context->batch = intel_batchbuffer_new(intel, I915_EXEC_VEBOX, 0); > > for (i = 0; i < ARRAY_ELEMS(proc_context->frame_store); i++) > diff --git a/src/gen7_mfd.c b/src/gen7_mfd.c > index 1d04ed4..4e668ce 100755 > --- a/src/gen7_mfd.c > +++ b/src/gen7_mfd.c > @@ -65,6 +65,7 @@ gen7_mfd_init_avc_surface(VADriverContextP ctx, > > if (!gen7_avc_surface) { > gen7_avc_surface = calloc(sizeof(GenAvcSurface), 1); > + assert(gen7_avc_surface); > gen7_avc_surface->base.frame_store_id = -1; > assert((obj_surface->size & 0x3f) == 0); > obj_surface->private_data = gen7_avc_surface; > @@ -1246,6 +1247,7 @@ gen7_mfd_init_vc1_surface(VADriverContextP ctx, > > if (!gen7_vc1_surface) { > gen7_vc1_surface = calloc(sizeof(struct gen7_vc1_surface), 1); > + assert(gen7_vc1_surface); > assert((obj_surface->size & 0x3f) == 0); > obj_surface->private_data = gen7_vc1_surface; > } > @@ -2729,6 +2731,7 @@ gen7_dec_hw_context_init(VADriverContextP ctx, struct > object_config *obj_config) > struct gen7_mfd_context *gen7_mfd_context = calloc(1, sizeof(struct > gen7_mfd_context)); > int i; > > + assert(gen7_mfd_context); > gen7_mfd_context->base.destroy = gen7_mfd_context_destroy; > gen7_mfd_context->base.run = gen7_mfd_decode_picture; > gen7_mfd_context->base.batch = intel_batchbuffer_new(intel, > I915_EXEC_RENDER, 0); > diff --git a/src/gen7_vme.c b/src/gen7_vme.c > index dc15445..7b116ad 100644 > --- a/src/gen7_vme.c > +++ b/src/gen7_vme.c > @@ -1031,6 +1031,7 @@ Bool gen7_vme_context_init(VADriverContextP ctx, struct > intel_encoder_context *e > struct gen6_vme_context *vme_context = calloc(1, sizeof(struct > gen6_vme_context)); > struct i965_kernel *vme_kernel_list = NULL; > > + assert(vme_context); > vme_context->gpe_context.surface_state_binding_table.length = > (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * > MAX_MEDIA_SURFACES_GEN6; > > diff --git a/src/gen8_mfc.c b/src/gen8_mfc.c > index daa860c..9908257 100644 > --- a/src/gen8_mfc.c > +++ b/src/gen8_mfc.c > @@ -4571,7 +4571,7 @@ static VAStatus gen8_mfc_pipeline(VADriverContextP ctx, > Bool gen8_mfc_context_init(VADriverContextP ctx, struct > intel_encoder_context *encoder_context) > { > struct gen6_mfc_context *mfc_context = calloc(1, sizeof(struct > gen6_mfc_context)); > - > + assert(mfc_context); > mfc_context->gpe_context.surface_state_binding_table.length = > (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6; > > mfc_context->gpe_context.idrt.max_entries = MAX_GPE_KERNELS; > diff --git a/src/gen8_vme.c b/src/gen8_vme.c > index ace3288..5dd502c 100644 > --- a/src/gen8_vme.c > +++ b/src/gen8_vme.c > @@ -1338,6 +1338,7 @@ Bool gen8_vme_context_init(VADriverContextP ctx, struct > intel_encoder_context *e > //If the codec is JPEG, bypass VME > if(encoder_context->codec != CODEC_JPEG) { > vme_context = calloc(1, sizeof(struct gen6_vme_context)); > + assert(vme_context); > vme_context->vme_kernel_sum = i965_kernel_num; > vme_context->gpe_context.surface_state_binding_table.length = > (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6; > > diff --git a/src/gen9_mfc.c b/src/gen9_mfc.c > index b328f75..63a9c21 100644 > --- a/src/gen9_mfc.c > +++ b/src/gen9_mfc.c > @@ -1717,6 +1717,7 @@ Bool gen9_mfc_context_init(VADriverContextP ctx, struct > intel_encoder_context *e > return gen8_mfc_context_init(ctx, encoder_context); > > mfc_context = calloc(1, sizeof(struct gen6_mfc_context)); > + assert(mfc_context); > mfc_context->gpe_context.surface_state_binding_table.length = > (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6; > > mfc_context->gpe_context.idrt.max_entries = MAX_GPE_KERNELS; > diff --git a/src/gen9_mfc_hevc.c b/src/gen9_mfc_hevc.c > index e52e408..bf601ec 100644 > --- a/src/gen9_mfc_hevc.c > +++ b/src/gen9_mfc_hevc.c > @@ -1984,6 +1984,7 @@ VAStatus intel_hcpe_hevc_prepare(VADriverContextP ctx, > > hevc_encoder_surface = calloc(sizeof(GenHevcSurface), 1); > > + assert(hevc_encoder_surface); > hevc_encoder_surface->motion_vector_temporal_bo = > dri_bo_alloc(i965->intel.bufmgr, > "motion vector temporal buffer", > @@ -2583,6 +2584,7 @@ Bool gen9_hcpe_context_init(VADriverContextP ctx, > struct intel_encoder_context * > { > struct gen9_hcpe_context *hcpe_context = calloc(1, sizeof(struct > gen9_hcpe_context)); > > + assert(hcpe_context); > hcpe_context->pipe_mode_select = gen9_hcpe_pipe_mode_select; > hcpe_context->set_surface_state = gen9_hcpe_surface_state; > hcpe_context->ind_obj_base_addr_state = > gen9_hcpe_ind_obj_base_addr_state; > diff --git a/src/gen9_mfd.c b/src/gen9_mfd.c > index c435e30..da76378 100644 > --- a/src/gen9_mfd.c > +++ b/src/gen9_mfd.c > @@ -77,6 +77,7 @@ gen9_hcpd_init_hevc_surface(VADriverContextP ctx, > > if (!gen9_hevc_surface) { > gen9_hevc_surface = calloc(sizeof(GenHevcSurface), 1); > + assert(gen9_hevc_surface); > gen9_hevc_surface->base.frame_store_id = -1; > obj_surface->private_data = gen9_hevc_surface; > } > diff --git a/src/gen9_vme.c b/src/gen9_vme.c > index b28470b..736b13a 100644 > --- a/src/gen9_vme.c > +++ b/src/gen9_vme.c > @@ -1817,6 +1817,8 @@ Bool gen9_vme_context_init(VADriverContextP ctx, struct > intel_encoder_context *e > > break; > } > + > + assert(vme_context); > vme_context->vme_kernel_sum = i965_kernel_num; > vme_context->gpe_context.surface_state_binding_table.length = > (SURFACE_STATE_PADDED_SIZE + sizeof(unsigned int)) * MAX_MEDIA_SURFACES_GEN6; > > diff --git a/src/i965_avc_bsd.c b/src/i965_avc_bsd.c > index e6e86b0..157a107 100644 > --- a/src/i965_avc_bsd.c > +++ b/src/i965_avc_bsd.c > @@ -51,6 +51,7 @@ i965_avc_bsd_init_avc_bsd_surface(VADriverContextP ctx, > > if (!avc_bsd_surface) { > avc_bsd_surface = calloc(sizeof(GenAvcSurface), 1); > + assert(avc_bsd_surface); > avc_bsd_surface->base.frame_store_id = -1; > assert((obj_surface->size & 0x3f) == 0); > obj_surface->private_data = avc_bsd_surface; > diff --git a/src/i965_encoder.c b/src/i965_encoder.c > index 22e4ec6..de851d1 100644 > --- a/src/i965_encoder.c > +++ b/src/i965_encoder.c > @@ -662,6 +662,7 @@ intel_enc_hw_context_init(VADriverContextP ctx, > struct intel_encoder_context *encoder_context = calloc(1, sizeof(struct > intel_encoder_context)); > int i; > > + assert(encoder_context); > encoder_context->base.destroy = intel_encoder_context_destroy; > encoder_context->base.run = intel_encoder_end_picture; > encoder_context->base.batch = intel_batchbuffer_new(intel, > I915_EXEC_RENDER, 0); > diff --git a/src/i965_media.c b/src/i965_media.c > index a13c233..3e33b9b 100644 > --- a/src/i965_media.c > +++ b/src/i965_media.c > @@ -338,6 +338,7 @@ g4x_dec_hw_context_init(VADriverContextP ctx, struct > object_config *obj_config) > struct intel_driver_data *intel = intel_driver_data(ctx); > struct i965_media_context *media_context = calloc(1, sizeof(struct > i965_media_context)); > > + assert(media_context); > media_context->base.destroy = i965_media_context_destroy; > media_context->base.run = i965_media_decode_picture; > media_context->base.batch = intel_batchbuffer_new(intel, > I915_EXEC_RENDER, 0); > @@ -368,6 +369,7 @@ ironlake_dec_hw_context_init(VADriverContextP ctx, struct > object_config *obj_con > struct intel_driver_data *intel = intel_driver_data(ctx); > struct i965_media_context *media_context = calloc(1, sizeof(struct > i965_media_context)); > > + assert(media_context); > media_context->base.destroy = i965_media_context_destroy; > media_context->base.run = i965_media_decode_picture; > media_context->base.batch = intel_batchbuffer_new(intel, > I915_EXEC_RENDER, 0); > diff --git a/src/i965_media_h264.c b/src/i965_media_h264.c > index 8ec7e4f..5b05ac0 100644 > --- a/src/i965_media_h264.c > +++ b/src/i965_media_h264.c > @@ -844,6 +844,7 @@ i965_media_h264_dec_context_init(VADriverContextP ctx, > struct i965_media_context > sizeof(h264_avc_kernels_gen5[0]))); > assert(NUM_AVC_MC_INTERFACES == (sizeof(avc_mc_kernel_offset_gen5) / > sizeof(avc_mc_kernel_offset_gen5[0]))); > + assert(i965_h264_context); > if (IS_IRONLAKE(i965->intel.device_info)) { > memcpy(i965_h264_context->avc_kernels, h264_avc_kernels_gen5, > sizeof(i965_h264_context->avc_kernels)); > avc_mc_kernel_offset = avc_mc_kernel_offset_gen5; > diff --git a/src/i965_media_mpeg2.c b/src/i965_media_mpeg2.c > index 245c8e7..2980bdc 100644 > --- a/src/i965_media_mpeg2.c > +++ b/src/i965_media_mpeg2.c > @@ -979,6 +979,7 @@ i965_media_mpeg2_dec_context_init(VADriverContextP ctx, > struct i965_media_contex > int i; > > i965_mpeg2_context = calloc(1, sizeof(struct i965_mpeg2_context)); > + assert(i965_mpeg2_context); > i965_mpeg2_context->wa_slice_vertical_position = -1; > > /* kernel */ > diff --git a/src/i965_post_processing.c b/src/i965_post_processing.c > index a1c0e4d..6d504d8 100755 > --- a/src/i965_post_processing.c > +++ b/src/i965_post_processing.c > @@ -5510,6 +5510,7 @@ i965_post_processing_init(VADriverContextP ctx) > if (HAS_VPP(i965)) { > if (pp_context == NULL) { > pp_context = calloc(1, sizeof(*pp_context)); > + assert(pp_context); > i965->codec_info->post_processing_context_init(ctx, pp_context, > i965->pp_batch); > i965->pp_context = pp_context; > } > diff --git a/src/intel_batchbuffer.c b/src/intel_batchbuffer.c > index 60178c6..c5604b8 100644 > --- a/src/intel_batchbuffer.c > +++ b/src/intel_batchbuffer.c > @@ -95,6 +95,7 @@ intel_batchbuffer_new(struct intel_driver_data *intel, int > flag, int buffer_size > buffer_size = MAX_BATCH_SIZE; > } > > + assert(batch); > batch->intel = intel; > batch->flag = flag; > batch->run = drm_intel_bo_mrb_exec; _______________________________________________ Libva mailing list Libva@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libva
