From 7a03240b635cd67f345811b86b9faf106f862ec0 Mon Sep 17 00:00:00 2001
From: Ian Romanick
Date: Wed, 8 Apr 2020 11:12:19 -0700
Subject: [PATCH] tnl: Don't dereference NULL obj pointer in t_rebase_prims
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Structurally the code is now similar to the handling of other gl_buffer_object::obj pointers elsewhere in TNL. The fixes tag is a little bit misleading. I think the change in that commit just exposes a previously existing bug.
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/2746
Fixes: f3cce7087a5 ("mesa: don't ever bind NullBufferObj for glBindBuffer targets")
Reviewed-by: Marek Olšák
Part-of:
---
 src/mesa/tnl/t_rebase.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/mesa/tnl/t_rebase.c b/src/mesa/tnl/t_rebase.c
index 2d53d947d3d..dc64e81fbd2 100644
--- a/src/mesa/tnl/t_rebase.c
+++ b/src/mesa/tnl/t_rebase.c
@@ -151,16 +151,19 @@ void t_rebase_prims( struct gl_context *ctx,
 } else if (ib) {
 /* Unfortunately need to adjust each index individually.
 */
- GLboolean map_ib = ib->obj &&
- !ib->obj->Mappings[MAP_INTERNAL].Pointer;
- void *ptr;
+ bool map_ib = false;
+ const void *ptr;
- if (map_ib)
- ctx->Driver.MapBufferRange(ctx, 0, ib->obj->Size, GL_MAP_READ_BIT,
- ib->obj, MAP_INTERNAL);
+ if (ib->obj) {
+ if (!ib->obj->Mappings[MAP_INTERNAL].Pointer) {
+ ctx->Driver.MapBufferRange(ctx, 0, ib->obj->Size, GL_MAP_READ_BIT,
+ ib->obj, MAP_INTERNAL);
+ map_ib = true;
+ }
-
- ptr = ADD_POINTERS(ib->obj->Mappings[MAP_INTERNAL].Pointer, ib->ptr);
+ ptr = ADD_POINTERS(ib->obj->Mappings[MAP_INTERNAL].Pointer, ib->ptr);
+ } else
+ ptr = ib->ptr;
 /* Some users might prefer it if we translated elements to
 * GLuints here. Others wouldn't...
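Review bot: The result of `ctx->Driver.MapBufferRange(...)` is still discarded in the new `if (ib->obj)` branch, so a failed map leaves `Mappings[MAP_INTERNAL].Pointer` NULL while `map_ib` is set to true and `ptr` is computed from it anyway. `ptr` would then presumably be just the application-supplied offset in `ib->ptr`, and the index-adjustment code that follows the hunk would read through it. Testing the returned pointer before going on closes that, e.g. `if (!ctx->Driver.MapBufferRange(ctx, 0, ib->obj->Size, GL_MAP_READ_BIT, ib->obj, MAP_INTERNAL)) return;`, with `map_ib = true;` set only on success. Whether a bare return is enough depends on the rest of t_rebase_prims, which starts and ends outside the hunk.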