[Mesa-dev] [PATCH 2/4] glsl: Fix hypothetical NULL dereference related to process_array_type

[Ian Romanick]

From: Ian Romanick <ian.d.romanick at intel.com>

Ensure that process_array_type never returns NULL, and let
process_array_type handle the case where the supplied base type is NULL.

Fixes issues identified by Klocwork analysis:

    Pointer 'type' returned from call to function 'get_type' at line
    1907 may be NULL and may be dereferenced at line 1912.

and

    Pointer 'field_type' checked for NULL at line 4160 will be
    dereferenced at line 4165. Also there is one similar error on line
    4174.

Signed-off-by: Ian Romanick <ian.d.romanick at intel.com>
---
 src/glsl/ast_to_hir.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/glsl/ast_to_hir.cpp b/src/glsl/ast_to_hir.cpp
index 00563f3..eeff8c1 100644
--- a/src/glsl/ast_to_hir.cpp
+++ b/src/glsl/ast_to_hir.cpp
@@ -1702,6 +1702,9 @@ process_array_type(YYLTYPE *loc, const glsl_type *base, ast_node *array_size,
 {
    unsigned length = 0;
 
+   if (base == NULL)
+      return glsl_type::error_type;
+
    /* From page 19 (page 25) of the GLSL 1.20 spec:
     *
     *     "Only one-dimensional arrays may be declared."
@@ -1754,7 +1757,8 @@ process_array_type(YYLTYPE *loc, const glsl_type *base, ast_node *array_size,
 		       "allowed in GLSL ES 1.00.");
    }
 
-   return glsl_type::get_array_instance(base, length);
+   const glsl_type *array_type = glsl_type::get_array_instance(base, length);
+   return array_type != NULL ? array_type : glsl_type::error_type;
 }
 
 
-- 
1.8.1.4