From 65f14fd68dac4fb52c765c82f08931d7aa745e61 Mon Sep 17 00:00:00 2001
From: Ian Romanick <ian.d.romanick@intel.com>
Date: Tue, 7 Apr 2020 20:19:41 -0700
Subject: [PATCH] tnl: Don't dereference NULL obj pointer in bind_indices
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Structurally the code is now similar to bind_inputs.  The fixes tag is a
little bit misleading.  I think the change in that commit just exposes a
previously existing bug.

Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/2746
Fixes: f3cce7087a5 ("mesa: don't ever bind NullBufferObj for glBindBuffer targets")
Reviewed-by: Marek OlÅ¡Ã¡k <marek.olsak@amd.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/4512>
---
 src/mesa/tnl/t_draw.c | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/src/mesa/tnl/t_draw.c b/src/mesa/tnl/t_draw.c
index 335161ef0d0..2146fe92c88 100644
--- a/src/mesa/tnl/t_draw.c
+++ b/src/mesa/tnl/t_draw.c
@@ -362,20 +362,22 @@ static void bind_indices( struct gl_context *ctx,
       return;
    }
 
-   if (ib->obj &&
-       !_mesa_bufferobj_mapped(ib->obj, MAP_INTERNAL)) {
-      /* if the buffer object isn't mapped yet, map it now */
-      bo[*nr_bo] = ib->obj;
-      (*nr_bo)++;
-      ptr = ctx->Driver.MapBufferRange(ctx, (GLsizeiptr) ib->ptr,
-                                       ib->count << ib->index_size_shift,
-				       GL_MAP_READ_BIT, ib->obj,
-                                       MAP_INTERNAL);
-      assert(ib->obj->Mappings[MAP_INTERNAL].Pointer);
-   } else {
-      /* user-space elements, or buffer already mapped */
-      ptr = ADD_POINTERS(ib->obj->Mappings[MAP_INTERNAL].Pointer, ib->ptr);
-   }
+   if (ib->obj) {
+      if (!_mesa_bufferobj_mapped(ib->obj, MAP_INTERNAL)) {
+         /* if the buffer object isn't mapped yet, map it now */
+         bo[*nr_bo] = ib->obj;
+         (*nr_bo)++;
+         ptr = ctx->Driver.MapBufferRange(ctx, (GLsizeiptr) ib->ptr,
+                                          ib->count << ib->index_size_shift,
+                                          GL_MAP_READ_BIT, ib->obj,
+                                          MAP_INTERNAL);
+         assert(ib->obj->Mappings[MAP_INTERNAL].Pointer);
+      } else {
+         /* user-space elements, or buffer already mapped */
+         ptr = ADD_POINTERS(ib->obj->Mappings[MAP_INTERNAL].Pointer, ib->ptr);
+      }
+   } else
+      ptr = ib->ptr;
 
    if (ib->index_size_shift == 2 && VB->Primitive[0].basevertex == 0) {
       VB->Elts = (GLuint *) ptr;
-- 
2.30.2