https://bugs.freedesktop.org/show_bug.cgi?id=73473

          Priority: medium
            Bug ID: 73473
          Assignee: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org
           Summary: Potential crash bug in
                    src/gallium/auxiliary/rtasm/rtasm_execmem.c
          Severity: critical
    Classification: Unclassified
                OS: Linux (All)
          Reporter: jaak-89mTbI93R4uuvFJfX82//w@public.gmane.org
          Hardware: x86-64 (AMD64)
            Status: NEW
           Version: unspecified
         Component: Drivers/DRI/nouveau
           Product: Mesa

glxgears[4186]: segfault at ffffffffffffffff ip 000078805fc4b901 sp
00007ce9598e21c0 error 7 in nouveau_dri.so[78805f7d1000+136c000]

Stracing it revealed that the crash happens after a mmap(NULL, 10485760,
PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE,MAP_ANONYMOUS, -1, 0) syscall
returns -1.

I think it might be caused by the return value of mmap not being checked in
src/gallium/auxiliary/rtasm/rtasm_execmem.c, leading to the the memory being
accessed somewhere else.

So it probably needs some

  if (exec_mem == MAP_FAILED)

check somewhere.

PS: Sorry if this is not the correct component.

-- 
You are receiving this mail because:
You are the assignee for the bug.