util/slab: do not dereference NULL-pointer
author Erik Faye-Lund <erik.faye-lund@collabora.com>
Tue, 1 Dec 2020 09:59:48 +0000 (10:59 +0100)
committer Marge Bot <eric+marge@anholt.net>
Tue, 1 Dec 2020 18:03:31 +0000 (18:03 +0000)
This used to not be a problem, because these mutexes were the first
members of this array, meaning that we ended up trying to lock/unlock
NULL mutexes. But this isn't guaranteed to be allowed, so we were
relying on luck here.

Recently, this changed. We introduced asserts for NULL-pointers, and
changed the behavior in a way that leads to crashes in release-builds.
This means we can't rely on luck any longer.

Fixes: e3171037539 ("c11/threads: Remove Win32 null checks")
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/3903
Reviewed-by: Eric Anholt <eric@anholt.net>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/7853>

src/util/slab.c

index 62634034fdc6ef0b1994d4d3d0e1233bf4f71b8b..b0f07e0202d29840b3c45d67b50d1b000df60f6b 100644
@@ -257,7 +257,8 @@ void slab_free(struct slab_child_pool *pool, void *ptr)
    }
 
    /* The slow case: migration or an orphaned page. */
-   mtx_lock(&pool->parent->mutex);
+   if (pool->parent)
+      mtx_lock(&pool->parent->mutex);
 
    /* Note: we _must_ re-read elt->owner here because the owning child pool
     * may have been destroyed by another thread in the meantime.
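Review bot: the new `if (pool->parent)` guard skips the lock, but the comment immediately below it ("we _must_ re-read elt->owner here because the owning child pool may have been destroyed by another thread") still describes a guarantee that only holds while the parent mutex is held. When `pool->parent` is NULL nothing serializes that read against other threads, so the correctness of the unlocked path rests on an invariant the code does not state: a child pool created without a parent is never shared between threads and never receives migrated elements. Consider recording that invariant next to the check, either as an extra sentence in the comment or as an assertion that `pool->parent` is non-NULL whenever `owner != pool`, so a future reader does not take the conditional lock as meaning "sometimes we just race".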
@@ -268,9 +269,11 @@ void slab_free(struct slab_child_pool *pool, void *ptr)
       struct slab_child_pool *owner = (struct slab_child_pool *)owner_int;
       elt->next = owner->migrated;
       owner->migrated = elt;
-      mtx_unlock(&pool->parent->mutex);
+      if (pool->parent)
+         mtx_unlock(&pool->parent->mutex);
    } else {
-      mtx_unlock(&pool->parent->mutex);
+      if (pool->parent)
+         mtx_unlock(&pool->parent->mutex);
 
       slab_free_orphaned(elt);
    }
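Review bot: the `if (pool->parent) mtx_unlock(&pool->parent->mutex);` pair is now copied into both branches of the `if`/`else`, giving three textually identical guarded lock/unlock sites in `slab_free`. Duplicated unlock paths are exactly where a later edit tends to drop one copy and leak a lock, so consider a pair of small static helpers (for example `slab_parent_lock(pool)` / `slab_parent_unlock(pool)`, names suggested here, not present in the file) that contain the NULL check once, or alternatively hoist the unlock out so both branches share it; the `else` branch already calls `slab_free_orphaned(elt)` only after the unlock, so the ordering constraint there is easy to preserve.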