From 2e43b32e72b2adf7ce865f56cf2647b137a5342a Mon Sep 17 00:00:00 2001 From: Ian Romanick Date: Wed, 8 Apr 2020 11:03:45 -0700 Subject: [PATCH] tnl: Don't dereference NULL obj pointer in replay_init MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Structurally the code is now similar to the handling of other gl_buffer_object::obj pointers elsewhere in TNL. The fixes tag is a little bit misleading. I think the change in that commit just exposes a previously existing bug. Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/2746 Fixes: f3cce7087a5 ("mesa: don't ever bind NullBufferObj for glBindBuffer targets") Reviewed-by: Marek Olšák Part-of: --- src/mesa/tnl/t_split_copy.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/mesa/tnl/t_split_copy.c b/src/mesa/tnl/t_split_copy.c index 801cb71790b..10f90b57d4d 100644 --- a/src/mesa/tnl/t_split_copy.c +++ b/src/mesa/tnl/t_split_copy.c @@ -476,14 +476,16 @@ replay_init(struct copy_context *copy) * caller convert non-indexed prims to indexed. Could alternately * do it internally. */ - if (copy->ib->obj && - !_mesa_bufferobj_mapped(copy->ib->obj, MAP_INTERNAL)) - ctx->Driver.MapBufferRange(ctx, 0, copy->ib->obj->Size, GL_MAP_READ_BIT, - copy->ib->obj, MAP_INTERNAL); + if (copy->ib->obj) { + if (!_mesa_bufferobj_mapped(copy->ib->obj, MAP_INTERNAL)) + ctx->Driver.MapBufferRange(ctx, 0, copy->ib->obj->Size, GL_MAP_READ_BIT, + copy->ib->obj, MAP_INTERNAL); - srcptr = (const GLubyte *) - ADD_POINTERS(copy->ib->obj->Mappings[MAP_INTERNAL].Pointer, - copy->ib->ptr); + srcptr = (const GLubyte *) + ADD_POINTERS(copy->ib->obj->Mappings[MAP_INTERNAL].Pointer, + copy->ib->ptr); + } else + srcptr = copy->ib->ptr; switch (copy->ib->index_size_shift) { case 0: