tnl: Don't dereference NULL obj pointer in t_rebase_prims

Structurally the code is now similar to the handling of other
gl_buffer_object::obj pointers elsewhere in TNL.  The fixes tag is a
little bit misleading.  I think the change in that commit just exposes a
previously existing bug.

Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/2746
Fixes: f3cce7087a5 ("mesa: don't ever bind NullBufferObj for glBindBuffer targets")
Reviewed-by: Marek Olšák <marek.olsak@amd.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/4512>

diff --git a/src/mesa/tnl/t_rebase.c b/src/mesa/tnl/t_rebase.c
index 2d53d947d3d9d0e89cf837955d4fcc02375f55b8..dc64e81fbd24031259a8d82cf2ccabdcfe724f4b 100644 (file)
--- a/src/mesa/tnl/t_rebase.c
+++ b/src/mesa/tnl/t_rebase.c
@@ -151,16 +151,19 @@ void t_rebase_prims( struct gl_context *ctx,
    } else if (ib) {
       /* Unfortunately need to adjust each index individually.
        */
-      GLboolean map_ib = ib->obj &&
-                         !ib->obj->Mappings[MAP_INTERNAL].Pointer;
-      void *ptr;
-
-      if (map_ib) 
-        ctx->Driver.MapBufferRange(ctx, 0, ib->obj->Size, GL_MAP_READ_BIT,
-                                   ib->obj, MAP_INTERNAL);
-
-
-      ptr = ADD_POINTERS(ib->obj->Mappings[MAP_INTERNAL].Pointer, ib->ptr);
+      bool map_ib = false;
+      const void *ptr;
+
+      if (ib->obj) {
+         if (!ib->obj->Mappings[MAP_INTERNAL].Pointer) {
+            ctx->Driver.MapBufferRange(ctx, 0, ib->obj->Size, GL_MAP_READ_BIT,
+                                       ib->obj, MAP_INTERNAL);
+            map_ib = true;
+         }
+
+         ptr = ADD_POINTERS(ib->obj->Mappings[MAP_INTERNAL].Pointer, ib->ptr);
+      } else
+         ptr = ib->ptr;
 
       /* Some users might prefer it if we translated elements to
        * GLuints here.  Others wouldn't...