Mesa (master): winsys/radeon: allow a NULL cs pointer in radeon_bo_map to fix a segfault

[Marek Olšák]

Module: Mesa
Branch: master
Commit: 06b38dbab287026625de302e80e9806db206c43e
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=06b38dbab287026625de302e80e9806db206c43e

Author: Marek Olšák <maraeo at gmail.com>
Date:   Sat Jul 13 00:19:55 2013 +0200

winsys/radeon: allow a NULL cs pointer in radeon_bo_map to fix a segfault

The original idea was that cs=NULL should be allowed here, but we never used
NULL until 862f69fbe1e54e0e9a3c439450a14f. This fixes a segfault in CoreBreach.

---

 src/gallium/winsys/radeon/drm/radeon_drm_bo.c |   20 +++++++++++---------
 1 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/gallium/winsys/radeon/drm/radeon_drm_bo.c b/src/gallium/winsys/radeon/drm/radeon_drm_bo.c
index bcd4b27..19e2715 100644
--- a/src/gallium/winsys/radeon/drm/radeon_drm_bo.c
+++ b/src/gallium/winsys/radeon/drm/radeon_drm_bo.c
@@ -458,7 +458,7 @@ static void *radeon_bo_map(struct radeon_winsys_cs_handle *buf,
                  * (neither one is changing it).
                  *
                  * Only check whether the buffer is being used for write. */
-                if (radeon_bo_is_referenced_by_cs_for_write(cs, bo)) {
+                if (cs && radeon_bo_is_referenced_by_cs_for_write(cs, bo)) {
                     cs->flush_cs(cs->flush_data, RADEON_FLUSH_ASYNC);
                     return NULL;
                 }
@@ -468,7 +468,7 @@ static void *radeon_bo_map(struct radeon_winsys_cs_handle *buf,
                     return NULL;
                 }
             } else {
-                if (radeon_bo_is_referenced_by_cs(cs, bo)) {
+                if (cs && radeon_bo_is_referenced_by_cs(cs, bo)) {
                     cs->flush_cs(cs->flush_data, RADEON_FLUSH_ASYNC);
                     return NULL;
                 }
@@ -489,19 +489,21 @@ static void *radeon_bo_map(struct radeon_winsys_cs_handle *buf,
                  * (neither one is changing it).
                  *
                  * Only check whether the buffer is being used for write. */
-                if (radeon_bo_is_referenced_by_cs_for_write(cs, bo)) {
+                if (cs && radeon_bo_is_referenced_by_cs_for_write(cs, bo)) {
                     cs->flush_cs(cs->flush_data, 0);
                 }
                 radeon_bo_wait((struct pb_buffer*)bo,
                                RADEON_USAGE_WRITE);
             } else {
                 /* Mapping for write. */
-                if (radeon_bo_is_referenced_by_cs(cs, bo)) {
-                    cs->flush_cs(cs->flush_data, 0);
-                } else {
-                    /* Try to avoid busy-waiting in radeon_bo_wait. */
-                    if (p_atomic_read(&bo->num_active_ioctls))
-                        radeon_drm_cs_sync_flush(rcs);
+                if (cs) {
+                    if (radeon_bo_is_referenced_by_cs(cs, bo)) {
+                        cs->flush_cs(cs->flush_data, 0);
+                    } else {
+                        /* Try to avoid busy-waiting in radeon_bo_wait. */
+                        if (p_atomic_read(&bo->num_active_ioctls))
+                            radeon_drm_cs_sync_flush(rcs);
+                    }
                 }
 
                 radeon_bo_wait((struct pb_buffer*)bo, RADEON_USAGE_READWRITE);