[Nouveau] [RFC PATCH 5/8] nv50: prevent NULL pointer dereference with pipe_query functions

Samuel Pitoiset samuel.pitoiset at gmail.com
Mon Jun 22 13:53:16 PDT 2015


This may happen when nv50_query_create() fails to create a new query.

Signed-off-by: Samuel Pitoiset <samuel.pitoiset at gmail.com>
---
 src/gallium/drivers/nouveau/nv50/nv50_query.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/gallium/drivers/nouveau/nv50/nv50_query.c b/src/gallium/drivers/nouveau/nv50/nv50_query.c
index 55fcac8..1162110 100644
--- a/src/gallium/drivers/nouveau/nv50/nv50_query.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_query.c
@@ -96,6 +96,9 @@ nv50_query_allocate(struct nv50_context *nv50, struct nv50_query *q, int size)
 static void
 nv50_query_destroy(struct pipe_context *pipe, struct pipe_query *pq)
 {
+   if (!pq)
+      return;
+
    nv50_query_allocate(nv50_context(pipe), nv50_query(pq), 0);
    nouveau_fence_ref(NULL, &nv50_query(pq)->fence);
    FREE(nv50_query(pq));
@@ -152,6 +155,9 @@ nv50_query_begin(struct pipe_context *pipe, struct pipe_query *pq)
    struct nouveau_pushbuf *push = nv50->base.pushbuf;
    struct nv50_query *q = nv50_query(pq);
 
+   if (!pq)
+      return FALSE;
+
    /* For occlusion queries we have to change the storage, because a previous
     * query might set the initial render conition to FALSE even *after* we re-
     * initialized it to TRUE.
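Review bot: The new guard in nv50_query_begin tests `pq` after `q` has already been derived from it on the line above, so the pointer that is checked and the pointer the body dereferences are different names; `if (!q) return FALSE;` keeps them in step while still protecting every `q->` access that follows. That ordering is only harmless if nv50_query() is a plain cast, which the hunk does not show. A one-line comment would also help the next reader, e.g. `/* NULL when nv50_query_create() failed; refuse to start the query */`. The signature of nv50_query_begin and the rest of its body are outside the hunk.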
@@ -218,6 +224,9 @@ nv50_query_end(struct pipe_context *pipe, struct pipe_query *pq)
    struct nouveau_pushbuf *push = nv50->base.pushbuf;
    struct nv50_query *q = nv50_query(pq);
 
+   if (!pq)
+      return;
+
    q->state = NV50_QUERY_STATE_ENDED;
 
    switch (q->type) {
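Review bot: The early return silently accepts an end_query call for a query that was never successfully created, and nothing in the hunk records why that is tolerated; a comment such as `/* pq is NULL when nv50_query_create() failed, so there is nothing to end */` would tie the check to the commit message. As in the begin path, the guard reads `pq` while the body uses `q`, derived on the line just above it; `if (!q) return;` would keep the check and the dereferences on one name. The function's signature and the body after the switch are outside the hunk.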
@@ -294,9 +303,12 @@ nv50_query_result(struct pipe_context *pipe, struct pipe_query *pq,
    uint64_t *res64 = (uint64_t *)result;
    uint32_t *res32 = (uint32_t *)result;
    boolean *res8 = (boolean *)result;
-   uint64_t *data64 = (uint64_t *)q->data;
+   uint64_t *data64;
    int i;
 
+   if (!pq)
+      return FALSE;
+
    if (q->state != NV50_QUERY_STATE_READY)
       nv50_query_update(q);
 
@@ -314,6 +326,7 @@ nv50_query_result(struct pipe_context *pipe, struct pipe_query *pq,
    }
    q->state = NV50_QUERY_STATE_READY;
 
+   data64 = (uint64_t *)q->data;
    switch (q->type) {
    case PIPE_QUERY_GPU_FINISHED:
       res8[0] = TRUE;
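Review bot: Moving `data64 = (uint64_t *)q->data;` below the ready/wait path changes when q->data is sampled: it was previously captured at function entry, before nv50_query_update() and the wait loop that precede this hunk. That is the safer order if anything on that path can re-allocate the query buffer (nv50_query_allocate is visible being called from destroy in the first hunk), but it is also a behavioural change the commit message does not mention; a short comment such as `/* read q->data only once the query is ready, in case the buffer was reallocated while waiting */` would record the intent, worded to what is actually possible. The switch this assignment feeds continues past the end of the hunk.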
-- 
2.4.4


