r300: move pointer dereference after a NULL check

Vs state can be NULL by the time r300_set_constant_buffer is called.
We don't hit this with OpenGL though, so this is why I didn't spot
this in my testing, but nine hits this codepath. Restore the original
behavior here.

Fixes: 882811b1ff67fa37197e27f56caaffbe3e6164d6
Signed-off-by: Pavel Ondračka <pavel.ondracka@gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15842>

diff --git a/src/gallium/drivers/r300/r300_state.c b/src/gallium/drivers/r300/r300_state.c
index 132b682..4e8c2ec 100644 (file)
--- a/src/gallium/drivers/r300/r300_state.c
+++ b/src/gallium/drivers/r300/r300_state.c
@@ -2087,7 +2087,7 @@ static void r300_set_constant_buffer(struct pipe_context *pipe,
 
     if (shader == PIPE_SHADER_VERTEX) {
         if (r300->screen->caps.has_tcl) {
-            struct r300_vertex_shader_code *vs = r300_vs(r300)->shader;
+            struct r300_vertex_shader *vs = r300_vs(r300);
 
             if (!vs) {
                 cbuf->buffer_base = 0;
@@ -2095,9 +2095,9 @@ static void r300_set_constant_buffer(struct pipe_context *pipe,
             }
 
             cbuf->buffer_base = r300->vs_const_base;
-            r300->vs_const_base += vs->code.constants.Count;
+            r300->vs_const_base += vs->shader->code.constants.Count;
             if (r300->vs_const_base > R500_MAX_PVS_CONST_VECS) {
-                r300->vs_const_base = vs->code.constants.Count;
+                r300->vs_const_base = vs->shader->code.constants.Count;
                 cbuf->buffer_base = 0;
                 r300_mark_atom_dirty(r300, &r300->pvs_flush);
             }