From 94dd0b9ee9f55e7c09b8c0ee18939fa69ce66da2 Mon Sep 17 00:00:00 2001
From: Chris Wilson
Date: Sat, 10 Nov 2012 16:52:09 +0000
Subject: [PATCH] sna/gen2: Fix use of uninitialised redirection
==29553== Invalid read of size 4
==29553== at 0x4980E1B: _list_del (intel_list.h:218)
==29553== by 0x4980EB3: list_del (intel_list.h:240)
==29553== by 0x4981F53: free_list (sna_damage.c:403)
==29553== by 0x4985139: __sna_damage_destroy (sna_damage.c:1467)
==29553== by 0x49A527E: sna_render_composite_redirect_done (sna_render.c:1921)
==29553== by 0x49C6904: gen2_render_composite_done (gen2_render.c:1136)
==29553== by 0x497F917: sna_composite (sna_composite.c:567)
==29553== by 0x8150C41: ??? (in /usr/bin/Xorg)
==29553== by 0x8142F13: CompositePicture (in /usr/bin/Xorg)
==29553== by 0x8145F58: ??? (in /usr/bin/Xorg)
==29553== by 0x81436F2: ??? (in /usr/bin/Xorg)
==29553== by 0x807965C: ??? (in /usr/bin/Xorg)
==29553== Address 0x9407e188 is not stack'd, malloc'd or (recently) free'd
Reported-by: bonbons67@internet.lu
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=56785
Signed-off-by: Chris Wilson
---
 src/sna/gen2_render.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/sna/gen2_render.c b/src/sna/gen2_render.c
index 6e51c18a..9663dff5 100644
--- a/src/sna/gen2_render.c
+++ b/src/sna/gen2_render.c
@@ -1803,6 +1803,8 @@ gen2_render_composite(struct sna *sna,
 }
 tmp->op = op;
+
+ sna_render_composite_redirect_init(tmp);
 if (too_large(tmp->dst.width, tmp->dst.height) || tmp->dst.bo->pitch > MAX_3D_PITCH) {
 if (!sna_render_composite_redirect(sna, tmp,
@@ -2298,6 +2300,8 @@ gen2_render_composite_spans(struct sna *sna,
 }
 tmp->base.op = op;
+
+ sna_render_composite_redirect_init(&tmp->base);
 if (too_large(tmp->base.dst.width, tmp->base.dst.height) || tmp->base.dst.bo->pitch > MAX_3D_PITCH) {
 if (!sna_render_composite_redirect(sna, &tmp->base,
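Review bot: Neither added `sna_render_composite_redirect_init()` call says why it has to run before the `too_large()` test rather than inside the redirect branch, and that ordering is the whole fix. The valgrind trace in the commit message shows `gen2_render_composite_done` reaching `sna_render_composite_redirect_done` and `__sna_damage_destroy` unlinking a list entry at an invalid address, so the completion path apparently consumes the redirect state whether or not a redirect was taken. I would put a comment above the call in `gen2_render_composite`, for example `/* redirect_done() runs on completion even when no redirect is set up, so initialise the state unconditionally */`, and the same above the call on `&tmp->base` in the `gen2_render_composite_spans` hunk. Both functions start and end outside their hunks, so whether an earlier exit can reach the done callback before this line is not visible here.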