Segfault in vcsm-cma when allocating more than 512 buffers

raspberrypi / userland

Source code for ARM side libraries for interfacing to Raspberry Pi GPU.

BSD 3-Clause "New" or "Revised" License

2.05k stars 1.09k forks source link

Segfault in vcsm-cma when allocating more than 512 buffers #690

Closed doe300 closed 3 years ago

doe300 commented 3 years ago

Using the VCSM library (via the CMA path), when calling vcsm_malloc_cache more than 512 times, the last allocation crashes with a SEGFAULT.

This is most likely due to vcsm_payload_list_get() returning a NULL-pointer and vcsm_malloc_cache does not check for such a case and unconditionally writes to it.