From 51223784d6a8ee93cf004c9ba87a7e4dcb7b3161 Mon Sep 17 00:00:00 2001
From: Brian Paul <brianp@vmware.com>
Date: Fri, 30 Nov 2012 10:10:25 -0700
Subject: [PATCH] util: added pipe_surface_release() function

To fix a pipe_context::surface_destroy() use-after-free problem.
We previously added pipe_sampler_view_release() for similar reasons.

Note: this is a candidate for the stable branches.

Reviewed-by: Jose Fonseca <jfonseca@vmware.com>
---
 src/gallium/auxiliary/util/u_inlines.h | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/gallium/auxiliary/util/u_inlines.h b/src/gallium/auxiliary/util/u_inlines.h
index 6ef5fecc695..cb06ee2e096 100644
--- a/src/gallium/auxiliary/util/u_inlines.h
+++ b/src/gallium/auxiliary/util/u_inlines.h
@@ -114,6 +114,22 @@ pipe_surface_reference(struct pipe_surface **ptr, struct pipe_surface *surf)
    *ptr = surf;
 }
 
+/**
+ * Similar to pipe_surface_reference() but always set the pointer to NULL
+ * and pass in an explicit context.  The explicit context avoids the problem
+ * of using a deleted context's surface_destroy() method when freeing a surface
+ * that's shared by multiple contexts.
+ */
+static INLINE void
+pipe_surface_release(struct pipe_context *pipe, struct pipe_surface **ptr)
+{
+   if (pipe_reference_described(&(*ptr)->reference, NULL,
+                                (debug_reference_descriptor)debug_describe_surface))
+      pipe->surface_destroy(pipe, *ptr);
+   *ptr = NULL;
+}
+
+
 static INLINE void
 pipe_resource_reference(struct pipe_resource **ptr, struct pipe_resource *tex)
 {