From 0888477c3fe8b58d6eb144c4e5db4aee1f8e4d54 Mon Sep 17 00:00:00 2001
From: zhangqiang
Date: Thu, 5 Jun 2025 11:32:25 +0800
Subject: [PATCH] fix heap-use-after-free (batch_state)

Signed-off-by: zhangqiang
---
 src/gallium/drivers/zink/zink_batch.c | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/src/gallium/drivers/zink/zink_batch.c b/src/gallium/drivers/zink/zink_batch.c
index 21cae967758..5354bc0f032 100644
--- a/src/gallium/drivers/zink/zink_batch.c
+++ b/src/gallium/drivers/zink/zink_batch.c
@@ -447,18 +447,7 @@ get_batch_state(struct zink_context *ctx)
 if (bs == ctx->last_free_batch_state)
 ctx->last_free_batch_state = NULL;
 }
- /* try from the ones that are given back to the screen next */
- if (!bs) {
- simple_mtx_lock(&screen->free_batch_states_lock);
- if (screen->free_batch_states) {
- bs = screen->free_batch_states;
- bs->ctx = ctx;
- screen->free_batch_states = bs->next;
- if (bs == screen->last_free_batch_state)
- screen->last_free_batch_state = NULL;
- }
- simple_mtx_unlock(&screen->free_batch_states_lock);
- }
+
 /* states are stored sequentially, so if the first one doesn't work, none of them will */
 if (!bs && ctx->batch_states && ctx->batch_states->next) {
 /* only a submitted state can be reused */
-- 
Gitee
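Review bot: Nothing in the new get_batch_state() body records why states parked on `screen->free_batch_states` must not be reused, so the lock-protected fallback could be reintroduced later as an optimisation and bring the use-after-free back. A comment where the removed block stood would help, e.g. `/* do not reuse states from screen->free_batch_states: <root cause of the UAF> */`, with the root cause filled in from the sanitizer report, since the commit message does not say which object was freed or which access hit it. If other code still appends to that screen list (not visible in this hunk), those states now appear to have no consumer here and would stay allocated until whatever tears the list down runs; it is worth confirming that path, and whether `screen` is still referenced elsewhere in this function. The function body starts and ends outside the hunk.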