<div dir="ltr"><div><div><div>I have not been able to force a NULL dereference, this is based off analyzing the code.<br></div>Yes that is implicitly true, but if at some point the implicit relationship is broken, I would<br></div>rather not have a NULL dereference.<br><br></div>If you do not agree, I am fine deferring to your judgement!<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 9, 2016 at 6:23 PM, Ian Romanick <span dir="ltr"><<a href="mailto:idr@freedesktop.org" target="_blank">idr@freedesktop.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 03/09/2016 10:21 AM, Lars Hamre wrote:<br>
> Fixes a possible null dereference.<br>
><br>
> NOTE: this is my first time contributing, please let me know if I<br>
> should be doing anything differently, thanks!<br>
><br>
> Signed-off-by: Lars Hamre <<a href="mailto:chemecse@gmail.com">chemecse@gmail.com</a>><br>
> ---<br>
> src/mesa/swrast/s_triangle.c | 7 ++++---<br>
> 1 file changed, 4 insertions(+), 3 deletions(-)<br>
><br>
> diff --git a/src/mesa/swrast/s_triangle.c b/src/mesa/swrast/s_triangle.c<br>
> index 876a74b..9225974 100644<br>
> --- a/src/mesa/swrast/s_triangle.c<br>
> +++ b/src/mesa/swrast/s_triangle.c<br>
> @@ -781,7 +781,7 @@ fast_persp_span(struct gl_context *ctx, SWspan *span,<br>
> }<br>
> break;<br>
> }<br>
> -<br>
> +<br>
> assert(span->arrayMask & SPAN_RGBA);<br>
> _swrast_write_rgba_span(ctx, span);<br>
><br>
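Review bot: The only change in this hunk of fast_persp_span is the blank line before the assert, removed and re-added with different whitespace, which is unrelated to the NULL check described in the commit message. Drop it from this patch, or send the whitespace cleanup separately.<br>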
> @@ -1063,8 +1063,8 @@ _swrast_choose_triangle( struct gl_context *ctx )<br>
> swImg = swrast_texture_image_const(texImg);<br>
><br>
> format = texImg ? texImg->TexFormat : MESA_FORMAT_NONE;<br>
> - minFilter = texObj2D ? samp->MinFilter : GL_NONE;<br>
> - magFilter = texObj2D ? samp->MagFilter : GL_NONE;<br>
> + minFilter = (texObj2D && samp) ? samp->MinFilter : GL_NONE;<br>
> + magFilter = (texObj2D && samp) ? samp->MagFilter : GL_NONE;<br>
<br>
</div></div>NAK this hunk. If texObj2D is not NULL, samp is also not NULL.<br>
<span class=""><br>
> envMode = ctx->Texture.Unit[0].EnvMode;<br>
><br>
> /* First see if we can use an optimized 2-D texture function */<br>
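Review bot: In the minFilter and magFilter assignments, the added samp test makes a NULL samp fall back silently to GL_NONE, and neither the commit message nor a comment says how samp could be NULL while texObj2D is set. If that pairing is an invariant, an assert(samp) when texObj2D is set would state it without hiding a violation; if it is not, the commit message should name the case.<br>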
> @@ -1073,6 +1073,7 @@ _swrast_choose_triangle( struct gl_context *ctx )<br>
> && !ctx->ATIFragmentShader._Enabled<br>
> && ctx->Texture._MaxEnabledTexImageUnit == 0<br>
> && ctx->Texture.Unit[0]._Current->Target == GL_TEXTURE_2D<br>
> + && samp<br>
<br>
</span>I think the 'ctx->Texture.Unit[0]._Current->Target == GL_TEXTURE_2D'<br>
implicitly ensures that samp cannot be NULL. Have you been able to<br>
cause a NULL dereference in this code path or is this just based on<br>
speculation?<br>
<span class="im HOEnZb"><br>
> && samp->WrapS == GL_REPEAT<br>
> && samp->WrapT == GL_REPEAT<br>
> && texObj2D->_Swizzle == SWIZZLE_NOOP<br>
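Review bot: The added samp test sits in a condition that also dereferences ctx->Texture.Unit[0]._Current and texObj2D->_Swizzle with no NULL test of their own, so it guards one pointer while relying on earlier terms for the others. Either add a short comment saying which term guarantees samp, or, if no term does, note in the commit message why only samp needs the check.<br>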
> --<br>
> 2.5.0<br>
><br>
</span><div class="HOEnZb"><div class="h5">
<br>
</div></div></blockquote></div><br></div>