intel: fix null dereference processing HiZ buffer

Or technically, a near-null dereference.

https://bugs.freedesktop.org/show_bug.cgi?id=46303
https://bugs.freedesktop.org/show_bug.cgi?id=46739

NOTE: This is a candidate for the 8.0 branch.

Reviewed-by: Chad Versace <chad.versace@linux.intel.com>

diff --git a/src/mesa/drivers/dri/intel/intel_context.c b/src/mesa/drivers/dri/intel/intel_context.c
index 5c857ba866bec5c0e9c7994f84d4c36715a99405..b87b33510064b3ee3cf1ba8748e5442eb7085269 100644 (file)
--- a/src/mesa/drivers/dri/intel/intel_context.c
+++ b/src/mesa/drivers/dri/intel/intel_context.c
@@ -1211,6 +1211,10 @@ intel_process_dri2_buffer_with_separate_stencil(struct intel_context *intel,
    if (!rb)
       return;
 
+   /* Check if we failed to allocate the depth miptree earlier. */
+   if (buffer->attachment == __DRI_BUFFER_HIZ && rb->mt == NULL)
+     return;
+
    /* If the renderbuffer's and DRIbuffer's regions match, then continue. */
    if ((buffer->attachment != __DRI_BUFFER_HIZ &&
        rb->mt &&
@@ -1252,6 +1256,7 @@ intel_process_dri2_buffer_with_separate_stencil(struct intel_context *intel,
     * due to failure to allocate new storage.
     */
    if (buffer->attachment == __DRI_BUFFER_HIZ) {
+      assert(rb->mt);
       intel_miptree_release(&rb->mt->hiz_mt);
    } else {
       intel_miptree_release(&rb->mt);
@@ -1277,6 +1282,7 @@ intel_process_dri2_buffer_with_separate_stencil(struct intel_context *intel,
 
    /* Associate buffer with new storage. */
    if (buffer->attachment == __DRI_BUFFER_HIZ) {
+      assert(rb->mt);
       rb->mt->hiz_mt = mt;
    } else {
       rb->mt = mt;