diff options
| author | Brian Paul <brianp@vmware.com> | 2009-02-13 08:11:01 -0700 |
|---|---|---|
| committer | Brian Paul <brianp@vmware.com> | 2009-02-13 08:11:01 -0700 |
| commit | ac53b1b0345f10f988c412af528bfd38052acab5 (patch) | |
| tree | c4bc4288550e7b0c5eee429587aaac6ce33aa2b1 | |
| parent | 6559107c7ae67ae6a94f53728cad85137aaf6312 (diff) | |
mesa: check if TNL state is null in _tnl_free_vertices() to avoid potential segfault
_tnl_free_vertices() is called from several places during context tear-down.
Depending on the order in which the swrast, swrast_setup and tnl context is
destroyed we could hit a null pointer here. This doesn't seem to be an
actual issue with any Mesa drivers, but let's be safe.
| -rw-r--r-- | src/mesa/tnl/t_vertex.c | 43 |
1 files changed, 23 insertions, 20 deletions
diff --git a/src/mesa/tnl/t_vertex.c b/src/mesa/tnl/t_vertex.c index 10b78f820e..fe4209ae57 100644 --- a/src/mesa/tnl/t_vertex.c +++ b/src/mesa/tnl/t_vertex.c @@ -535,27 +535,30 @@ void _tnl_init_vertices( GLcontext *ctx, void _tnl_free_vertices( GLcontext *ctx ) { - struct tnl_clipspace *vtx = GET_VERTEX_STATE(ctx); - struct tnl_clipspace_fastpath *fp, *tmp; + TNLcontext *tnl = TNL_CONTEXT(ctx); + if (tnl) { + struct tnl_clipspace *vtx = GET_VERTEX_STATE(ctx); + struct tnl_clipspace_fastpath *fp, *tmp; - if (vtx->vertex_buf) { - ALIGN_FREE(vtx->vertex_buf); - vtx->vertex_buf = NULL; - } - - for (fp = vtx->fastpath ; fp ; fp = tmp) { - tmp = fp->next; - FREE(fp->attr); + if (vtx->vertex_buf) { + ALIGN_FREE(vtx->vertex_buf); + vtx->vertex_buf = NULL; + } - /* KW: At the moment, fp->func is constrained to be allocated by - * _mesa_exec_alloc(), as the hardwired fastpaths in - * t_vertex_generic.c are handled specially. It would be nice - * to unify them, but this probably won't change until this - * module gets another overhaul. - */ - _mesa_exec_free((void *) fp->func); - FREE(fp); + for (fp = vtx->fastpath ; fp ; fp = tmp) { + tmp = fp->next; + FREE(fp->attr); + + /* KW: At the moment, fp->func is constrained to be allocated by + * _mesa_exec_alloc(), as the hardwired fastpaths in + * t_vertex_generic.c are handled specially. It would be nice + * to unify them, but this probably won't change until this + * module gets another overhaul. + */ + _mesa_exec_free((void *) fp->func); + FREE(fp); + } + + vtx->fastpath = NULL; } - - vtx->fastpath = NULL; } |