zink: fix dereference before NULL check

The `sv->image_view` pointer is dereference before checking whether it's
NULL or not.
Check for NULL before dereferencing it to avoid a possible crash.

Fixes: 9de455bc4323 ("zink: check for sampler view existence during
zink_rebind_all_images()")

Reviewed-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: José Expósito <jexposit@redhat.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/26140>
(cherry picked from commit 83ed419cd0a55fc0ee9f5ccce8f7ac03711bbf71)

diff --git a/.pick_status.json b/.pick_status.json
index 7f8dfa2..a264889 100644 (file)
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -1334,7 +1334,7 @@
         "description": "zink: fix dereference before NULL check",
         "nominated": true,
         "nomination_type": 1,
-        "resolution": 0,
+        "resolution": 1,
         "main_sha": null,
         "because_sha": "9de455bc4323d6bb484c1beed77454381e48b432",
         "notes": null

diff --git a/src/gallium/drivers/zink/zink_context.c b/src/gallium/drivers/zink/zink_context.c
index 39494ad..b418c6d 100644 (file)
--- a/src/gallium/drivers/zink/zink_context.c
+++ b/src/gallium/drivers/zink/zink_context.c
@@ -4846,7 +4846,7 @@ zink_rebind_all_images(struct zink_context *ctx)
     for (unsigned i = 0; i < MESA_SHADER_STAGES; i++) {
       for (unsigned j = 0; j < ctx->di.num_sampler_views[i]; j++) {
          struct zink_sampler_view *sv = zink_sampler_view(ctx->sampler_views[i][j]);
-         if (!sv || sv->image_view->base.texture->target == PIPE_BUFFER || !sv->image_view)
+         if (!sv || !sv->image_view || sv->image_view->base.texture->target == PIPE_BUFFER)
             continue;
          struct zink_resource *res = zink_resource(sv->image_view->base.texture);
          if (res->obj != sv->image_view->obj) {