Mesa (master): nouveau: fix potential NULL-ptr dereference in nouveau_stateobj.h

Maarten Maathuis madman2003 at kemper.freedesktop.org
Fri Aug 6 22:02:50 UTC 2010


Module: Mesa
Branch: master
Commit: a838cee6bc3a2e144c00f0a5f0a7791cd97037ab
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=a838cee6bc3a2e144c00f0a5f0a7791cd97037ab

Author: Maarten Maathuis <madman2003 at gmail.com>
Date:   Fri Aug  6 23:56:31 2010 +0200

nouveau: fix potential NULL-ptr dereference in nouveau_stateobj.h

- This can only be triggered when DEBUG_NOUVEAU_STATEOBJ is active.
- Also remove a redundant pointer assignment.

Reported-by: Roy Spliet <r.spliet at student.tudelft.nl>
Signed-off-by: Maarten Maathuis <madman2003 at gmail.com>

---

 src/gallium/drivers/nouveau/nouveau_stateobj.h |   10 ++++------
 1 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/gallium/drivers/nouveau/nouveau_stateobj.h b/src/gallium/drivers/nouveau/nouveau_stateobj.h
index f5c1c5c..e920cf9 100644
--- a/src/gallium/drivers/nouveau/nouveau_stateobj.h
+++ b/src/gallium/drivers/nouveau/nouveau_stateobj.h
@@ -151,9 +151,9 @@ so_method(struct nouveau_stateobj *so, struct nouveau_grobj *gr,
 	if (so->start_alloc <= so->cur_start) {
 		debug_printf("exceeding num_start size\n");
 		assert(0);
-	} else
+	}
 #endif /* DEBUG_NOUVEAU_STATEOBJ */
-		start = so->start;
+	start = so->start;
 
 #ifdef DEBUG_NOUVEAU_STATEOBJ
 	if (so->cur_start > 0 && start[so->cur_start - 1].size > so->cur) {
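Review bot: The capacity check `so->start_alloc <= so->cur_start` is still compiled only under DEBUG_NOUVEAU_STATEOBJ, and its only stop is `assert(0)`. When that assert is compiled out, and in non-debug builds where the check is absent, the stores to `start[so->cur_start]` in the next hunk presumably land past the end of the allocated array. The `so->reloc_alloc <= so->cur_reloc` check in so_reloc (third hunk) has the same shape. Consider making the overflow path bail out explicitly and unconditionally, e.g. `if (so->start_alloc <= so->cur_start) { assert(0); return; }`, assuming so_method returns void; its return type is not visible here. so_method's body starts and ends outside this hunk.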
@@ -162,7 +162,6 @@ so_method(struct nouveau_stateobj *so, struct nouveau_grobj *gr,
 	}
 #endif /* DEBUG_NOUVEAU_STATEOBJ */
 
-	so->start = start;
 	start[so->cur_start].gr = gr;
 	start[so->cur_start].mthd = mthd;
 	start[so->cur_start].size = size;
@@ -193,11 +192,10 @@ so_reloc(struct nouveau_stateobj *so, struct nouveau_bo *bo,
 	if (so->reloc_alloc <= so->cur_reloc) {
 		debug_printf("exceeding num_reloc size\n");
 		assert(0);
-	} else
+	}
 #endif /* DEBUG_NOUVEAU_STATEOBJ */
-		r = so->reloc;
+	r = so->reloc;
 
-	so->reloc = r;
 	r[so->cur_reloc].bo = NULL;
 	nouveau_bo_ref(bo, &(r[so->cur_reloc].bo));
 	r[so->cur_reloc].gr = so->start[so->cur_start-1].gr;
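Review bot: `so->start[so->cur_start-1].gr` on the last context line indexes the entry before the current one with no guard for `so->cur_start == 0`. A so_reloc call made before any so_method call would therefore read outside the array, whereas the debug check in so_method guards the same index with `so->cur_start > 0`. Adding `assert(so->cur_start > 0);` before the relocation entry is filled in would document and enforce that ordering requirement. Whether any caller can reach this state is not visible from the hunk, and so_reloc's body continues outside it.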



