summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMaarten Maathuis <[email protected]>2010-08-06 23:56:31 +0200
committerMaarten Maathuis <[email protected]>2010-08-06 23:56:31 +0200
commita838cee6bc3a2e144c00f0a5f0a7791cd97037ab (patch)
tree1edb6103a9f5126ff19a26b8f455976bd3531767
parentd9f72b9f909b32ff0adacf939c75eb2924ed133b (diff)
nouveau: fix potential NULL-ptr dereference in nouveau_stateobj.h
- This can only be triggered when DEBUG_NOUVEAU_STATEOBJ is active. - Also remove a redundant pointer assignment. Reported-by: Roy Spliet <[email protected]> Signed-off-by: Maarten Maathuis <[email protected]>
-rw-r--r--src/gallium/drivers/nouveau/nouveau_stateobj.h10
1 files changed, 4 insertions, 6 deletions
diff --git a/src/gallium/drivers/nouveau/nouveau_stateobj.h b/src/gallium/drivers/nouveau/nouveau_stateobj.h
index f5c1c5ca2c3..e920cf9f3bc 100644
--- a/src/gallium/drivers/nouveau/nouveau_stateobj.h
+++ b/src/gallium/drivers/nouveau/nouveau_stateobj.h
@@ -151,9 +151,9 @@ so_method(struct nouveau_stateobj *so, struct nouveau_grobj *gr,
if (so->start_alloc <= so->cur_start) {
debug_printf("exceeding num_start size\n");
assert(0);
- } else
+ }
#endif /* DEBUG_NOUVEAU_STATEOBJ */
- start = so->start;
+ start = so->start;
#ifdef DEBUG_NOUVEAU_STATEOBJ
if (so->cur_start > 0 && start[so->cur_start - 1].size > so->cur) {
@@ -162,7 +162,6 @@ so_method(struct nouveau_stateobj *so, struct nouveau_grobj *gr,
}
#endif /* DEBUG_NOUVEAU_STATEOBJ */
- so->start = start;
start[so->cur_start].gr = gr;
start[so->cur_start].mthd = mthd;
start[so->cur_start].size = size;
@@ -193,11 +192,10 @@ so_reloc(struct nouveau_stateobj *so, struct nouveau_bo *bo,
if (so->reloc_alloc <= so->cur_reloc) {
debug_printf("exceeding num_reloc size\n");
assert(0);
- } else
+ }
#endif /* DEBUG_NOUVEAU_STATEOBJ */
- r = so->reloc;
+ r = so->reloc;
- so->reloc = r;
r[so->cur_reloc].bo = NULL;
nouveau_bo_ref(bo, &(r[so->cur_reloc].bo));
r[so->cur_reloc].gr = so->start[so->cur_start-1].gr;