diff options
| author | Liam <byteslice@airmail.cc> | 2022-10-10 19:22:26 -0400 |
|---|---|---|
| committer | Liam <byteslice@airmail.cc> | 2022-10-10 19:22:26 -0400 |
| commit | b1cd6cec19de46540db497137e2b93fee5c9ff17 (patch) | |
| tree | 55b7a5b7583763fb58ab6e2bba965aacee70928d | |
| parent | c3cae9d99263afd46a1d3205b29cfa62bebd18b3 (diff) | |
syncpoint_manager: ensure handle is removable before removing
| -rw-r--r-- | src/video_core/host1x/syncpoint_manager.cpp | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/video_core/host1x/syncpoint_manager.cpp b/src/video_core/host1x/syncpoint_manager.cpp index 326e8355a..a44fc83d3 100644 --- a/src/video_core/host1x/syncpoint_manager.cpp +++ b/src/video_core/host1x/syncpoint_manager.cpp @@ -36,7 +36,17 @@ SyncpointManager::ActionHandle SyncpointManager::RegisterAction( void SyncpointManager::DeregisterAction(std::list<RegisteredAction>& action_storage, ActionHandle& handle) { std::unique_lock lk(guard); - action_storage.erase(handle); + + // We want to ensure the iterator still exists prior to erasing it + // Otherwise, if an invalid iterator was passed in then it could lead to UB + // It is important to avoid UB in that case since the deregister isn't called from a locked + // context + for (auto it = action_storage.begin(); it != action_storage.end(); it++) { + if (it == handle) { + action_storage.erase(it); + return; + } + } } void SyncpointManager::DeregisterGuestAction(u32 syncpoint_id, ActionHandle& handle) { |