From 6187084ba0c865e1e24cb90ab63872e1ce40c195802207b2184bf7ed24406a3d Mon Sep 17 00:00:00 2001
From: Stefan Dirsch <sndirsch@suse.com>
Date: Mon, 31 May 2010 20:14:33 +0000
Subject: [PATCH] - intel: Use the correct size when allocating
 reloc_target_info   array. Thomas tracked down this error with kdm and commit
 b509640

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libdrm?expand=0&rev=49
---
 commit-3506173.diff | 54 +++++++++++++++++++++++++++++++++++++++++++++
 libdrm.changes      |  6 +++++
 libdrm.spec         |  2 ++
 3 files changed, 62 insertions(+)
 create mode 100644 commit-3506173.diff

diff --git a/commit-3506173.diff b/commit-3506173.diff
new file mode 100644
index 0000000..a28019c
--- /dev/null
+++ b/commit-3506173.diff
@@ -0,0 +1,54 @@
+commit 3506173ba7e726a9d0a17ec42734a925a885b01e
+Author: Chris Wilson <chris@chris-wilson.co.uk>
+Date:   Sun Apr 11 18:40:38 2010 +0100
+
+    intel: Use the correct size when allocating reloc_target_info array
+    
+    Thomas tracked down this error with kdm and commit b509640:
+    
+    ==4320== Invalid write of size 8
+    ==4320==    at 0x9A97998: do_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+    ==4320==    by 0x9A97B9C: drm_intel_gem_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+    ==4320==    by 0xAED3234: intel_batchbuffer_emit_reloc (in /usr/lib/xorg/modules/dri/i965_dri.so)
+    ==4320==    by 0xAF13827: brw_emit_vertices (in /usr/lib/xorg/modules/dri/i965_dri.so)
+    ==4320==    by 0xAF1F14D: brw_upload_state (in /usr/lib/xorg/modules/dri/i965_dri.so)
+    ==4320==    by 0xAF12122: brw_draw_prims (in /usr/lib/xorg/modules/dri/i965_dri.so)
+    ==4320==    by 0xB256824: vbo_exec_vtx_flush (in /usr/lib/xorg/modules/dri/libdricore.so)
+    ==4320==    by 0xB2523BB: vbo_exec_FlushVertices_internal (in /usr/lib/xorg/modules/dri/libdricore.so)
+    ==4320==    by 0xB252411: vbo_exec_FlushVertices (in /usr/lib/xorg/modules/dri/libdricore.so)
+    ==4320==    by 0xB195A3D: _mesa_PopAttrib (in /usr/lib/xorg/modules/dri/libdricore.so)
+    ==4320==    by 0x8DF0F02: __glXDisp_Render (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+    ==4320==    by 0x8DF517F: __glXDispatch (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+    ==4320==  Address 0x126a8b80 is 0 bytes after a block of size 16,368 alloc'd
+    ==4320==    at 0x4C23E03: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
+    ==4320==    by 0x9A97A64: do_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+    ==4320==    by 0x9A97B9C: drm_intel_gem_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+    ==4320==    by 0xAED3234: intel_batchbuffer_emit_reloc (in /usr/lib/xorg/modules/dri/i965_dri.so)
+    ==4320==    by 0xAF191DB: upload_binding_table_pointers (in /usr/lib/xorg/modules/dri/i965_dri.so)
+    ==4320==    by 0xAF1F14D: brw_upload_state (in /usr/lib/xorg/modules/dri/i965_dri.so)
+    ==4320==    by 0xAF12122: brw_draw_prims (in /usr/lib/xorg/modules/dri/i965_dri.so)
+    ==4320==    by 0xB255EF6: vbo_exec_DrawArrays (in /usr/lib/xorg/modules/dri/libdricore.so)
+    ==4320==    by 0x8DF67A3: __glXDisp_DrawArrays (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+    ==4320==    by 0x8DF0F02: __glXDisp_Render (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+    ==4320==    by 0x8DF517F: __glXDispatch (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+    ==4320==    by 0x446293: ??? (in /usr/bin/Xorg)
+    
+    which is simply due to only allocating space for the pointers and not
+    the structs themselves. D'oh.
+    
+    Reported-by: Thomas Bächler <thomas@archlinux.org>
+    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+
+diff --git a/intel/intel_bufmgr_gem.c b/intel/intel_bufmgr_gem.c
+index 8e46e37..a2cf6e6 100644
+--- a/intel/intel_bufmgr_gem.c
++++ b/intel/intel_bufmgr_gem.c
+@@ -470,7 +470,7 @@ drm_intel_setup_reloc_list(drm_intel_bo *bo)
+ 	bo_gem->relocs = malloc(max_relocs *
+ 				sizeof(struct drm_i915_gem_relocation_entry));
+ 	bo_gem->reloc_target_info = malloc(max_relocs *
+-					   sizeof(drm_intel_reloc_target *));
++					   sizeof(drm_intel_reloc_target));
+ 	if (bo_gem->relocs == NULL || bo_gem->reloc_target_info == NULL) {
+ 		bo_gem->has_error = 1;
+ 
diff --git a/libdrm.changes b/libdrm.changes
index 5d81087..8758ed7 100644
--- a/libdrm.changes
+++ b/libdrm.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon May 31 22:08:35 CEST 2010 - sndirsch@suse.de
+
+- intel: Use the correct size when allocating reloc_target_info
+  array. Thomas tracked down this error with kdm and commit b509640
+
 -------------------------------------------------------------------
 Fri Apr  9 09:40:21 CEST 2010 - sndirsch@suse.de
 
diff --git a/libdrm.spec b/libdrm.spec
index efd96fa..ff08180 100644
--- a/libdrm.spec
+++ b/libdrm.spec
@@ -37,6 +37,7 @@ Summary:        Userspace Interface for Kernel DRM Services
 Source:         %{name}-%{version}.tar.bz2
 Source2:        baselibs.conf
 Patch:          enable_test_tools.diff
+Patch1:         commit-3506173.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -62,6 +63,7 @@ services.
 %prep
 %setup -q
 %patch
+%patch1 -p1
 
 %build
 autoreconf -fi