Mesa (master): util: Don't access members of NULL pointers

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Thu Dec 12 15:41:56 UTC 2019 

Module: Mesa
Branch: master
Commit: 165cb0a5fec9be37ce15846f5b12eb580a9d6c63
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=165cb0a5fec9be37ce15846f5b12eb580a9d6c63

Author: Tomeu Vizoso <tomeu.vizoso at collabora.com>
Date:   Thu Dec 12 15:00:40 2019 +0100

util: Don't access members of NULL pointers

Should be harmless, but UBSAN complains about it and fills the logs with
noise.

../src/gallium/auxiliary/util/u_inlines.h:110:8: runtime error: member access within null pointer of type 'struct pipe_surface'"}
    #0 0xaaccf186 in pipe_surface_reference ../src/gallium/auxiliary/util/u_inlines.h:110"}
    #1 0xaaccf186 in util_copy_framebuffer_state ../src/gallium/auxiliary/util/u_framebuffer.c:105"}
    #2 0xaabfb60e in cso_set_framebuffer ../src/gallium/auxiliary/cso_cache/cso_context.c:723"}
    #3 0xaae195ce in st_update_framebuffer_state ../src/mesa/state_tracker/st_atom_framebuffer.c:207"}
    #4 0xaae12316 in st_validate_state ../src/mesa/state_tracker/st_atom.c:261"}
    #5 0xaae31302 in st_Clear ../src/mesa/state_tracker/st_cb_clear.c:438"}
    #6 0x4c3d0e in deqp::gles2::TestCaseWrapper::iterate(tcu::TestCase*) (/deqp/modules/gles2/deqp-gles2+0x2ad0e)"}
    #7 0x828cf2 in tcu::TestSessionExecutor::iterateTestCase(tcu::TestCase*) (/deqp/modules/gles2/deqp-gles2+0x38fcf2)"}
    #8 0x8295f0 in tcu::TestSessionExecutor::iterate() (/deqp/modules/gles2/deqp-gles2+0x3905f0)"}
    #9 0x810aac in tcu::App::iterate() (/deqp/modules/gles2/deqp-gles2+0x377aac)"}
    #10 0x4c1d4c in main (/deqp/modules/gles2/deqp-gles2+0x28d4c)"}
    #11 0xb64b6aa8 in __libc_start_main (/lib/arm-linux-gnueabihf/libc.so.6+0x1aaa8)"}

Signed-off-by: Tomeu Vizoso <tomeu.vizoso at collabora.com>
Reviewed-by: Alyssa Rosenzweig <alyssa.rosenzweig at collabora.com>

---

 src/gallium/auxiliary/util/u_inlines.h | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/gallium/auxiliary/util/u_inlines.h b/src/gallium/auxiliary/util/u_inlines.h
index 40512625ad9..8adf343cf8a 100644
--- a/src/gallium/auxiliary/util/u_inlines.h
+++ b/src/gallium/auxiliary/util/u_inlines.h
@@ -107,7 +107,8 @@ pipe_surface_reference(struct pipe_surface **dst, struct pipe_surface *src)
 {
    struct pipe_surface *old_dst = *dst;
 
-   if (pipe_reference_described(&old_dst->reference, &src->reference,
+   if (pipe_reference_described(old_dst ? &old_dst->reference : NULL,
+                                src ? &src->reference : NULL,
                                 (debug_reference_descriptor)
                                 debug_describe_surface))
       old_dst->context->surface_destroy(old_dst->context, old_dst);
@@ -138,7 +139,8 @@ pipe_resource_reference(struct pipe_resource **dst, struct pipe_resource *src)
 {
    struct pipe_resource *old_dst = *dst;
 
-   if (pipe_reference_described(&old_dst->reference, &src->reference,
+   if (pipe_reference_described(old_dst ? &old_dst->reference : NULL,
+                                src ? &src->reference : NULL,
                                 (debug_reference_descriptor)
                                 debug_describe_resource)) {
       /* Avoid recursion, which would prevent inlining this function */
@@ -147,7 +149,8 @@ pipe_resource_reference(struct pipe_resource **dst, struct pipe_resource *src)
 
          old_dst->screen->resource_destroy(old_dst->screen, old_dst);
          old_dst = next;
-      } while (pipe_reference_described(&old_dst->reference, NULL,
+      } while (pipe_reference_described(old_dst ? &old_dst->reference : NULL,
+                                        NULL,
                                         (debug_reference_descriptor)
                                         debug_describe_resource));
    }
@@ -185,7 +188,8 @@ pipe_sampler_view_reference(struct pipe_sampler_view **dst,
 {
    struct pipe_sampler_view *old_dst = *dst;
 
-   if (pipe_reference_described(&old_dst->reference, &src->reference,
+   if (pipe_reference_described(old_dst ? &old_dst->reference : NULL,
+                                src ? &src->reference : NULL,
                                 (debug_reference_descriptor)
                                 debug_describe_sampler_view))
       old_dst->context->sampler_view_destroy(old_dst->context, old_dst);
@@ -198,7 +202,8 @@ pipe_so_target_reference(struct pipe_stream_output_target **dst,
 {
    struct pipe_stream_output_target *old_dst = *dst;
 
-   if (pipe_reference_described(&old_dst->reference, &src->reference,
+   if (pipe_reference_described(old_dst ? &old_dst->reference : NULL,
+                     src ? &src->reference : NULL,
                      (debug_reference_descriptor)debug_describe_so_target))
       old_dst->context->stream_output_target_destroy(old_dst->context, old_dst);
    *dst = src;

More information about the mesa-commit mailing list