[Mesa-dev] [PATCH 5/5] gallium/radeon: fix member access within null pointer

Bartosz Tomczyk bartosz.tomczyk86 at gmail.com
Tue Feb 7 18:34:23 UTC 2017 

---
 src/gallium/drivers/radeon/r600_pipe_common.c | 13 +++++++------
 src/gallium/drivers/radeon/r600_pipe_common.h |  3 ++-
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/gallium/drivers/radeon/r600_pipe_common.c b/src/gallium/drivers/radeon/r600_pipe_common.c
index 95a6a486a3..0ae0cd38a0 100644
--- a/src/gallium/drivers/radeon/r600_pipe_common.c
+++ b/src/gallium/drivers/radeon/r600_pipe_common.c
@@ -1093,15 +1093,16 @@ static void r600_fence_reference(struct pipe_screen *screen,
 				 struct pipe_fence_handle *src)
 {
 	struct radeon_winsys *ws = ((struct r600_common_screen*)screen)->ws;
-	struct r600_multi_fence **rdst = (struct r600_multi_fence **)dst;
+	struct r600_multi_fence *rdst = (struct r600_multi_fence *)(dst ? *dst : NULL);
 	struct r600_multi_fence *rsrc = (struct r600_multi_fence *)src;
 
-	if (pipe_reference(&(*rdst)->reference, &rsrc->reference)) {
-		ws->fence_reference(&(*rdst)->gfx, NULL);
-		ws->fence_reference(&(*rdst)->sdma, NULL);
-		FREE(*rdst);
+	if (pipe_reference(rdst ? &rdst->reference : NULL,
+			rsrc ? &rsrc->reference : NULL)) {
+		ws->fence_reference(&rdst->gfx, NULL);
+		ws->fence_reference(&rdst->sdma, NULL);
+		FREE(rdst);
 	}
-        *rdst = rsrc;
+	if (dst) *dst = src;
 }
 
 static boolean r600_fence_finish(struct pipe_screen *screen,
diff --git a/src/gallium/drivers/radeon/r600_pipe_common.h b/src/gallium/drivers/radeon/r600_pipe_common.h
index 6eff9aaf09..e3f9b07c2d 100644
--- a/src/gallium/drivers/radeon/r600_pipe_common.h
+++ b/src/gallium/drivers/radeon/r600_pipe_common.h
@@ -887,7 +887,8 @@ r600_resource_reference(struct r600_resource **ptr, struct r600_resource *res)
 static inline void
 r600_texture_reference(struct r600_texture **ptr, struct r600_texture *res)
 {
-	pipe_resource_reference((struct pipe_resource **)ptr, &res->resource.b.b);
+	pipe_resource_reference((struct pipe_resource **)ptr, 
+				res ? &res->resource.b.b : NULL);
 }
 
 static inline void
-- 
2.11.1

More information about the mesa-dev mailing list