[Mesa-dev] [PATCH 5/5] gallium/radeon: fix member access within null pointer

Nicolai Hähnle nhaehnle at gmail.com
Fri Feb 10 09:25:46 UTC 2017 

On 07.02.2017 19:34, Bartosz Tomczyk wrote:
> ---
>  src/gallium/drivers/radeon/r600_pipe_common.c | 13 +++++++------
>  src/gallium/drivers/radeon/r600_pipe_common.h |  3 ++-
>  2 files changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/src/gallium/drivers/radeon/r600_pipe_common.c b/src/gallium/drivers/radeon/r600_pipe_common.c
> index 95a6a486a3..0ae0cd38a0 100644
> --- a/src/gallium/drivers/radeon/r600_pipe_common.c
> +++ b/src/gallium/drivers/radeon/r600_pipe_common.c
> @@ -1093,15 +1093,16 @@ static void r600_fence_reference(struct pipe_screen *screen,
>  				 struct pipe_fence_handle *src)
>  {
>  	struct radeon_winsys *ws = ((struct r600_common_screen*)screen)->ws;
> -	struct r600_multi_fence **rdst = (struct r600_multi_fence **)dst;
> +	struct r600_multi_fence *rdst = (struct r600_multi_fence *)(dst ? *dst : NULL);
>  	struct r600_multi_fence *rsrc = (struct r600_multi_fence *)src;
>
> -	if (pipe_reference(&(*rdst)->reference, &rsrc->reference)) {
> -		ws->fence_reference(&(*rdst)->gfx, NULL);
> -		ws->fence_reference(&(*rdst)->sdma, NULL);
> -		FREE(*rdst);
> +	if (pipe_reference(rdst ? &rdst->reference : NULL,
> +			rsrc ? &rsrc->reference : NULL)) {
> +		ws->fence_reference(&rdst->gfx, NULL);
> +		ws->fence_reference(&rdst->sdma, NULL);
> +		FREE(rdst);
>  	}
> -        *rdst = rsrc;
> +	if (dst) *dst = src;
>  }

For this and patch #4, the same applies as for the discussion on patch 
#1: I think it's mostly fine, but you should remove the checks for dst 
== NULL. These functions should all assume that dst is non-NULL.

Cheers,
Nicolai

>
>  static boolean r600_fence_finish(struct pipe_screen *screen,
> diff --git a/src/gallium/drivers/radeon/r600_pipe_common.h b/src/gallium/drivers/radeon/r600_pipe_common.h
> index 6eff9aaf09..e3f9b07c2d 100644
> --- a/src/gallium/drivers/radeon/r600_pipe_common.h
> +++ b/src/gallium/drivers/radeon/r600_pipe_common.h
> @@ -887,7 +887,8 @@ r600_resource_reference(struct r600_resource **ptr, struct r600_resource *res)
>  static inline void
>  r600_texture_reference(struct r600_texture **ptr, struct r600_texture *res)
>  {
> -	pipe_resource_reference((struct pipe_resource **)ptr, &res->resource.b.b);
> +	pipe_resource_reference((struct pipe_resource **)ptr,
> +				res ? &res->resource.b.b : NULL);
>  }
>
>  static inline void
>

More information about the mesa-dev mailing list