[Mesa-dev] [PATCH] egl: move Null check to eglGetSyncAttribKHR to prevent Segfault

[Dongwon Kim]

Null-check on "*value" is currently done in
_eglGetSyncAttrib, which is after eglGetSyncAttribKHR
attempts to copy data at 'value' to 'attrib'. Segfault
is enevitable if value==NULL in this case. Therefore,
null-check should be moved to beginning of
eglGetSyncAttribKHR to avoid any possible segfaults.

Signed-off-by: Dongwon Kim <dongwon.kim at intel.com>
---
 src/egl/main/eglapi.c  | 10 ++++++++--
 src/egl/main/eglsync.c |  3 ---
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/egl/main/eglapi.c b/src/egl/main/eglapi.c
index 323634e..32f6823 100644
--- a/src/egl/main/eglapi.c
+++ b/src/egl/main/eglapi.c
@@ -1555,8 +1555,14 @@ eglGetSyncAttrib(EGLDisplay dpy, EGLSync sync, EGLint attribute, EGLAttrib *valu
 static EGLBoolean EGLAPIENTRY
 eglGetSyncAttribKHR(EGLDisplay dpy, EGLSync sync, EGLint attribute, EGLint *value)
 {
-   EGLAttrib attrib = *value;
-   EGLBoolean result = eglGetSyncAttrib(dpy, sync, attribute, &attrib);
+   EGLAttrib attrib;
+   EGLBoolean result;
+
+   if (!value)
+      RETURN_EGL_ERROR(NULL, EGL_BAD_PARAMETER, EGL_FALSE);
+
+   attrib = *value;
+   result = eglGetSyncAttrib(dpy, sync, attribute, &attrib);
 
    /* The EGL_KHR_fence_sync spec says this about eglGetSyncAttribKHR:
     *
diff --git a/src/egl/main/eglsync.c b/src/egl/main/eglsync.c
index 3019e6e..999cb48 100644
--- a/src/egl/main/eglsync.c
+++ b/src/egl/main/eglsync.c
@@ -144,9 +144,6 @@ EGLBoolean
 _eglGetSyncAttrib(_EGLDriver *drv, _EGLDisplay *dpy, _EGLSync *sync,
                   EGLint attribute, EGLAttrib *value)
 {
-   if (!value)
-      return _eglError(EGL_BAD_PARAMETER, "eglGetSyncAttribKHR");
-
    switch (attribute) {
    case EGL_SYNC_TYPE_KHR:
       *value = sync->Type;
-- 
1.9.1