From 25a8e8bbd5e98abfd263bfc44f010b40747c04cc Mon Sep 17 00:00:00 2001 From: Lionel Landwerlin Date: Wed, 9 Nov 2016 16:33:51 +0000 Subject: [PATCH] i965: miptree: prevent potential NULL pointer access If the mcs buffer allocation fails we might get a NULL pointer. This was reported by Coverity and should only happen if we run out of memory. v2: return failure at the point of allocation (Chris) CID: 1394290 Signed-off-by: Lionel Landwerlin --- src/mesa/drivers/dri/i965/intel_mipmap_tree.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/mesa/drivers/dri/i965/intel_mipmap_tree.c b/src/mesa/drivers/dri/i965/intel_mipmap_tree.c index 6c81ffb5767..28001b643bd 100644 --- a/src/mesa/drivers/dri/i965/intel_mipmap_tree.c +++ b/src/mesa/drivers/dri/i965/intel_mipmap_tree.c @@ -1486,6 +1486,8 @@ intel_miptree_init_mcs(struct brw_context *brw, struct intel_mipmap_tree *mt, int init_value) { + assert(mt->mcs_buf != NULL); + /* From the Ivy Bridge PRM, Vol 2 Part 1 p326: * * When MCS buffer is enabled and bound to MSRT, it is required that it @@ -1604,10 +1606,12 @@ intel_miptree_alloc_mcs(struct brw_context *brw, mt->logical_width0, mt->logical_height0, MIPTREE_LAYOUT_ACCELERATED_UPLOAD); + if (!mt->mcs_buf) + return false; intel_miptree_init_mcs(brw, mt, 0xFF); - return mt->mcs_buf != NULL; + return true; } @@ -1666,6 +1670,8 @@ intel_miptree_alloc_non_msrt_mcs(struct brw_context *brw, mcs_width, mcs_height, layout_flags); + if (!mt->mcs_buf) + return false; /* From Gen9 onwards single-sampled (non-msrt) auxiliary buffers are * used for lossless compression which requires similar initialisation @@ -1686,7 +1692,7 @@ intel_miptree_alloc_non_msrt_mcs(struct brw_context *brw, mt->msaa_layout = INTEL_MSAA_LAYOUT_CMS; } - return mt->mcs_buf != NULL; + return true; } /** -- 2.30.2