summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLiam <byteslice@airmail.cc>2022-10-10 19:22:26 -0400
committerLiam <byteslice@airmail.cc>2022-10-10 19:22:26 -0400
commitb1cd6cec19de46540db497137e2b93fee5c9ff17 (patch)
tree55b7a5b7583763fb58ab6e2bba965aacee70928d
parentc3cae9d99263afd46a1d3205b29cfa62bebd18b3 (diff)
syncpoint_manager: ensure handle is removable before removing
-rw-r--r--src/video_core/host1x/syncpoint_manager.cpp12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/video_core/host1x/syncpoint_manager.cpp b/src/video_core/host1x/syncpoint_manager.cpp
index 326e8355a..a44fc83d3 100644
--- a/src/video_core/host1x/syncpoint_manager.cpp
+++ b/src/video_core/host1x/syncpoint_manager.cpp
@@ -36,7 +36,17 @@ SyncpointManager::ActionHandle SyncpointManager::RegisterAction(
void SyncpointManager::DeregisterAction(std::list<RegisteredAction>& action_storage,
ActionHandle& handle) {
std::unique_lock lk(guard);
- action_storage.erase(handle);
+
+ // We want to ensure the iterator still exists prior to erasing it
+ // Otherwise, if an invalid iterator was passed in then it could lead to UB
+ // It is important to avoid UB in that case since the deregister isn't called from a locked
+ // context
+ for (auto it = action_storage.begin(); it != action_storage.end(); it++) {
+ if (it == handle) {
+ action_storage.erase(it);
+ return;
+ }
+ }
}
void SyncpointManager::DeregisterGuestAction(u32 syncpoint_id, ActionHandle& handle) {