<html>
    <head>
      <base href="https://bugs.freedesktop.org/">
    </head>
    <body><span class="vcard"><a class="email" href="mailto:kenneth@whitecape.org" title="Kenneth Graunke <kenneth@whitecape.org>"> <span class="fn">Kenneth Graunke</span></a>
</span> changed
          <a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED FIXED - [HSW][i965] Crash in upload_3dstate_streamout()"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=99231">bug 99231</a>
          <br>
             <table border="1" cellspacing="0" cellpadding="8">
          <tr>
            <th>What</th>
            <th>Removed</th>
            <th>Added</th>
          </tr>

         <tr>
           <td style="text-align:right;">Resolution</td>
           <td>---
           </td>
           <td>FIXED
           </td>
         </tr>

         <tr>
           <td style="text-align:right;">Status</td>
           <td>NEW
           </td>
           <td>RESOLVED
           </td>
         </tr>

         <tr>
           <td style="text-align:right;">Assignee</td>
           <td>intel-3d-bugs@lists.freedesktop.org
           </td>
           <td>kenneth@whitecape.org
           </td>
         </tr></table>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED FIXED - [HSW][i965] Crash in upload_3dstate_streamout()"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=99231#c4">Comment # 4</a>
              on <a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED FIXED - [HSW][i965] Crash in upload_3dstate_streamout()"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=99231">bug 99231</a>
              from <span class="vcard"><a class="email" href="mailto:kenneth@whitecape.org" title="Kenneth Graunke <kenneth@whitecape.org>"> <span class="fn">Kenneth Graunke</span></a>
</span></b>
        <pre>Turns out it was different breakage.

Should be fixed by:

commit 62a819184141133478cfdcfa76b62d5bb7e14fd5
Author: Kenneth Graunke <<a href="mailto:kenneth@whitecape.org">kenneth@whitecape.org</a>>
Date:   Fri Dec 30 15:35:02 2016 -0800

    i965: Avoid NULL pointer dereference when transform feedback is off.

    upload_3dstate_streamout can be called when there's no currently bound
    transform feedback object.  In this case, we get the default object,
    which has a NULL shader (previously gl_shader_program, now gl_program).

    The old code did something sketchy, but which worked:

       const struct gl_transform_feedback_info *linked_xfb_info =
          &xfb_obj->shader_program->LinkedTransformFeedback;

    Here, if shader_program is NULL, this would be a bogus pointer of 0x60.
    But we never actually dereferenced it, so it worked out.

    With Timothy's recent reworks, we actually end up dereferencing
    xfb_obj->program along the way, which crashes since it's NULL.

    The solution is to move this pointer initialization into the "active"
    block, where we know it actually exists and won't be bogus.

    Bugzilla: <a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED FIXED - [HSW][i965] Crash in upload_3dstate_streamout()"
   href="show_bug.cgi?id=99231">https://bugs.freedesktop.org/show_bug.cgi?id=99231</a>
    Signed-off-by: Kenneth Graunke <<a href="mailto:kenneth@whitecape.org">kenneth@whitecape.org</a>>
    Reviewed-by: Jason Ekstrand <<a href="mailto:jason@jlekstrand.net">jason@jlekstrand.net</a>>
    Reviewed-by: Timothy Arceri <<a href="mailto:timothy.arceri@collabora.com">timothy.arceri@collabora.com</a>></pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the QA Contact for the bug.</li>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>