Skip to content

Commit

Permalink
Fix double free crash when create mmd fail
Browse files Browse the repository at this point in the history
Fix: intel#1795, intel#1789
Signed-off-by: Jay Yang <[email protected]>
  • Loading branch information
MicroYY committed Jun 11, 2024
1 parent a0391f7 commit f055ba8
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 20 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -375,10 +375,16 @@ void* MmdDevice::CreateFactory(
{
MMD_FAILURE();
}

// transfer ownership of osinterface. No need to delete osinterface from this point.
device->Initialize(osInterface, mhwInterfaces);
if (device->m_mmdDevice == nullptr)
{
MMD_FAILURE();
mhwInterfaces->Destroy();
// no need to delete osinterface becauses it's already deleted in device->Initialize
MOS_Delete(mhwInterfaces);
MOS_Delete(device);
return nullptr;
}

void *mmdDevice = device->m_mmdDevice;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -277,35 +277,38 @@ MOS_STATUS MmdDeviceXe_Hpm::Initialize(
PMOS_INTERFACE osInterface,
MhwInterfaces *mhwInterfaces)
{
#define MMD_FAILURE() \
{ \
if (device != nullptr) \
{ \
MOS_Delete(device); \
} \
return MOS_STATUS_NO_SPACE; \
}
MHW_FUNCTION_ENTER;

Mmd *device = nullptr;

if (mhwInterfaces->m_miInterface == nullptr)
if (mhwInterfaces->m_miInterface == nullptr || mhwInterfaces->m_veboxInterface == nullptr)
{
MMD_FAILURE();
}

if (mhwInterfaces->m_veboxInterface == nullptr)
{
MMD_FAILURE();
if (osInterface != nullptr)
{
if (osInterface->pfnDestroy)
{
osInterface->pfnDestroy(osInterface, false);
}
MOS_FreeMemory(osInterface);
}
return MOS_STATUS_NULL_POINTER;
}

Mmd *device = nullptr;
device = MOS_New(Mmd);

if (device == nullptr)
{
MMD_FAILURE();
if (osInterface != nullptr)
{
if (osInterface->pfnDestroy)
{
osInterface->pfnDestroy(osInterface, false);
}
MOS_FreeMemory(osInterface);
}
return MOS_STATUS_NO_SPACE;
}

// transfer ownership of osinterface to device. device will have exclusive ownership of osinterface and free it.
if (device->Initialize(
osInterface,
mhwInterfaces->m_cpInterface,
Expand All @@ -317,7 +320,8 @@ MOS_STATUS MmdDeviceXe_Hpm::Initialize(
mhwInterfaces->m_cpInterface = nullptr;
mhwInterfaces->m_miInterface = nullptr;
mhwInterfaces->m_veboxInterface = nullptr;
MMD_FAILURE();
MOS_Delete(device);
return MOS_STATUS_UNKNOWN;
}

m_mmdDevice = device;
Expand Down

0 comments on commit f055ba8

Please sign in to comment.