Mesa (master): tnl: Don't dereference NULL obj pointer in replay_init

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Mon Apr 13 17:49:39 UTC 2020 

Module: Mesa
Branch: master
Commit: 2e43b32e72b2adf7ce865f56cf2647b137a5342a
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=2e43b32e72b2adf7ce865f56cf2647b137a5342a

Author: Ian Romanick <ian.d.romanick at intel.com>
Date:   Wed Apr  8 11:03:45 2020 -0700

tnl: Don't dereference NULL obj pointer in replay_init

Structurally the code is now similar to the handling of other
gl_buffer_object::obj pointers elsewhere in TNL.  The fixes tag is a
little bit misleading.  I think the change in that commit just exposes a
previously existing bug.

Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/2746
Fixes: f3cce7087a5 ("mesa: don't ever bind NullBufferObj for glBindBuffer targets")
Reviewed-by: Marek Olšák <marek.olsak at amd.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/4512>

---

 src/mesa/tnl/t_split_copy.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/mesa/tnl/t_split_copy.c b/src/mesa/tnl/t_split_copy.c
index 801cb71790b..10f90b57d4d 100644
--- a/src/mesa/tnl/t_split_copy.c
+++ b/src/mesa/tnl/t_split_copy.c
@@ -476,14 +476,16 @@ replay_init(struct copy_context *copy)
     * caller convert non-indexed prims to indexed.  Could alternately
     * do it internally.
     */
-   if (copy->ib->obj &&
-       !_mesa_bufferobj_mapped(copy->ib->obj, MAP_INTERNAL))
-      ctx->Driver.MapBufferRange(ctx, 0, copy->ib->obj->Size, GL_MAP_READ_BIT,
-                                 copy->ib->obj, MAP_INTERNAL);
-
-   srcptr = (const GLubyte *)
-            ADD_POINTERS(copy->ib->obj->Mappings[MAP_INTERNAL].Pointer,
-                         copy->ib->ptr);
+   if (copy->ib->obj) {
+      if (!_mesa_bufferobj_mapped(copy->ib->obj, MAP_INTERNAL))
+         ctx->Driver.MapBufferRange(ctx, 0, copy->ib->obj->Size, GL_MAP_READ_BIT,
+                                    copy->ib->obj, MAP_INTERNAL);
+
+      srcptr = (const GLubyte *)
+         ADD_POINTERS(copy->ib->obj->Mappings[MAP_INTERNAL].Pointer,
+                      copy->ib->ptr);
+   } else
+      srcptr = copy->ib->ptr;
 
    switch (copy->ib->index_size_shift) {
    case 0:

More information about the mesa-commit mailing list