[Mesa-dev] [PATCH regression-fix 1/2] glsl: Fix NULL pointer dereferences when linking fails.

[Kenneth Graunke]

Commit 7cfefe6965d50 introduced a check for whether linked->Type equals
GL_GEOMETRY_SHADER.  However, linked may be NULL due to an earlier error
condition.

Since the entire function after the error path is (or should be) guarded
by linked != NULL checks, we may as well just return early and remove
the checks.

Fixes crashes in 9 Piglit tests.

Signed-off-by: Kenneth Graunke <kenneth at whitecape.org>
Cc: Paul Berry <stereotype441 at gmail.com>
---
 src/glsl/linker.cpp | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/glsl/linker.cpp b/src/glsl/linker.cpp
index 94ea54c..f6b710e 100644
--- a/src/glsl/linker.cpp
+++ b/src/glsl/linker.cpp
@@ -1233,7 +1233,7 @@ link_intrastage_shaders(void *mem_ctx,
    if (!link_function_calls(prog, linked, linking_shaders,
 			    num_linking_shaders)) {
       ctx->Driver.DeleteShader(ctx, linked);
-      linked = NULL;
+      return NULL;
    }
 
    free(linking_shaders);
@@ -1241,8 +1241,7 @@ link_intrastage_shaders(void *mem_ctx,
    /* At this point linked should contain all of the linked IR, so
     * validate it to make sure nothing went wrong.
     */
-   if (linked)
-      validate_ir_tree(linked->ir);
+   validate_ir_tree(linked->ir);
 
    /* Set the size of geometry shader input arrays */
    if (linked->Type == GL_GEOMETRY_SHADER) {
@@ -1258,11 +1257,8 @@ link_intrastage_shaders(void *mem_ctx,
     * unspecified sizes have a size specified.  The size is inferred from the
     * max_array_access field.
     */
-   if (linked != NULL) {
-      array_sizing_visitor v;
-
-      v.run(linked->ir);
-   }
+   array_sizing_visitor v;
+   v.run(linked->ir);
 
    return linked;
 }
-- 
1.8.3.4