nouveau: fix potential NULL-ptr dereference in nouveau_stateobj.h

- This can only be triggered when DEBUG_NOUVEAU_STATEOBJ is active.
- Also remove a redundant pointer assignment.

Reported-by: Roy Spliet <r.spliet@student.tudelft.nl>
Signed-off-by: Maarten Maathuis <madman2003@gmail.com>

diff --git a/src/gallium/drivers/nouveau/nouveau_stateobj.h b/src/gallium/drivers/nouveau/nouveau_stateobj.h
index f5c1c5ca2c377e6e962cb5cb045368c3bef1161c..e920cf9f3bcf78c1e0bca766454a98990acbfc0e 100644 (file)
--- a/src/gallium/drivers/nouveau/nouveau_stateobj.h
+++ b/src/gallium/drivers/nouveau/nouveau_stateobj.h
@@ -151,9 +151,9 @@ so_method(struct nouveau_stateobj *so, struct nouveau_grobj *gr,
        if (so->start_alloc <= so->cur_start) {
                debug_printf("exceeding num_start size\n");
                assert(0);
-       } else
+       }
 #endif /* DEBUG_NOUVEAU_STATEOBJ */
-               start = so->start;
+       start = so->start;
 
 #ifdef DEBUG_NOUVEAU_STATEOBJ
        if (so->cur_start > 0 && start[so->cur_start - 1].size > so->cur) {
@@ -162,7 +162,6 @@ so_method(struct nouveau_stateobj *so, struct nouveau_grobj *gr,
        }
 #endif /* DEBUG_NOUVEAU_STATEOBJ */
 
-       so->start = start;
        start[so->cur_start].gr = gr;
        start[so->cur_start].mthd = mthd;
        start[so->cur_start].size = size;
@@ -193,11 +192,10 @@ so_reloc(struct nouveau_stateobj *so, struct nouveau_bo *bo,
        if (so->reloc_alloc <= so->cur_reloc) {
                debug_printf("exceeding num_reloc size\n");
                assert(0);
-       } else
+       }
 #endif /* DEBUG_NOUVEAU_STATEOBJ */
-               r = so->reloc;
+       r = so->reloc;
 
-       so->reloc = r;
        r[so->cur_reloc].bo = NULL;
        nouveau_bo_ref(bo, &(r[so->cur_reloc].bo));
        r[so->cur_reloc].gr = so->start[so->cur_start-1].gr;