[Mesa-dev] [PATCH] i965: Avoid NULL pointer dereference when transform feedback is off.
Kenneth Graunke
kenneth at whitecape.org
Fri Dec 30 23:47:42 UTC 2016
On Friday, December 30, 2016 3:39:36 PM PST Kenneth Graunke wrote:
> upload_3dstate_streamout can be called when there's no currently bound
> transform feedback object. In this case, we get the default object,
> which has a NULL shader (previously gl_shader_program, now gl_program).
>
> The old code did something sketchy, but which worked:
>
>     const struct gl_transform_feedback_info *linked_xfb_info =
>        &xfb_obj->shader_program->LinkedTransformFeedback;
>
> Here, if shader_program is NULL, this would be a bogus pointer of 0x60.
> But we never actually dereferenced it, so it worked out.
>
> With Timothy's recent reworks, we actually end up dereferencing
> xfb_obj->program along the way, which crashes since it's NULL.
>
> The solution is to move this pointer initialization into the "active"
> block, where we know it actually exists and won't be bogus.
>
> Signed-off-by: Kenneth Graunke <kenneth at whitecape.org>
> ---
> src/mesa/drivers/dri/i965/gen7_sol_state.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Pushed with Jason and Tim's R-b from IRC.
--Ken
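
The pattern described in the quoted commit message, as an added example that is not part of the original mail or of Mesa: the member pointer is formed only inside the "active" branch. The struct layouts, the padding that places the member at 0x60, and the function names are simplified assumptions, not the Mesa definitions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins, NOT the Mesa definitions. The padding is constructed
 * so that the embedded info struct lands at offset 0x60, as in the message. */
struct xfb_info { unsigned num_outputs; unsigned stride[4]; };
struct program  { char pad[0x60]; struct xfb_info LinkedTransformFeedback; };
struct xfb_object { struct program *program; bool active; };

/* What "&obj->program->LinkedTransformFeedback" amounts to when program is
 * NULL: base 0 plus the member offset. Computed with offsetof so this
 * example never forms the bogus pointer itself. */
size_t bogus_address_if_null(void)
{
    return offsetof(struct program, LinkedTransformFeedback);
}

/* Pattern from the fix: look the info up only inside the "active" branch,
 * where a program is known to be bound. Returns the stride of buffer 0,
 * or 0 when transform feedback is off. */
unsigned streamout_stride0(const struct xfb_object *obj)
{
    unsigned stride = 0;

    if (obj->active) {
        const struct xfb_info *info = &obj->program->LinkedTransformFeedback;
        stride = info->stride[0];
    }
    return stride;
}

int main(void)
{
    struct program prog = { .LinkedTransformFeedback = { 1, { 16, 0, 0, 0 } } };
    struct xfb_object bound = { &prog, true };
    struct xfb_object dflt  = { NULL, false };  /* default object, no program */

    printf("bogus address: 0x%zx\n", bogus_address_if_null());
    printf("bound: %u, default: %u\n",
           streamout_stride0(&bound), streamout_stride0(&dflt));
    return 0;
}
```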