From fd88cc332d47f7b6ebdd8a4134408097ed2cfa1d Mon Sep 17 00:00:00 2001 From: Shinwoo Kim Date: Wed, 21 Aug 2019 15:42:08 +0900 Subject: [PATCH] evas_gl_context: fix dereference after null check From the following commit every *_push function has used evas_gl_common_shader_program_get which could set prog to NULL. 38ad8fd Evas GL: Implement runtime generation and load of shaders @@ -1781,28 +1618,26 @@ evas_gl_common_context_line_push(Evas_Engine_GL_Context *gc, int r, int g, int b, int a) + prog = evas_gl_common_shader_program_get(gc, SHD_LINE, NULL, 0, r, g, b, a, + 0, 0, 0, 0, EINA_FALSE, NULL, EINA_FALSE, + mtex, mask_smooth, mw, mh, NULL, NULL, &masksam); - prog = gc->shared->shader[shader].prog; @@ -3114,20 +2919,23 @@ shader_array_flush(Evas_Engine_GL_Context *gc) + Evas_GL_Program *prog; + if (gc->pipe[i].array.num <= 0) break; + prog = gc->pipe[i].shader.prog; setclip = EINA_FALSE; pipe_done++; gc->flushnum++; GLERRV(""); - if (gc->pipe[i].shader.cur_prog != gc->state.current.cur_prog) + if (prog && (prog != gc->state.current.prog)) This is pretty unexpected and unusual case should not exist. But I would like to update evas_gl_context to make system reliable. @tizen_fix Change-Id: Iacdb3f60d73b9fdbf44e129c74da7f034ba3ce7b --- src/modules/evas/engines/gl_common/evas_gl_context.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/modules/evas/engines/gl_common/evas_gl_context.c b/src/modules/evas/engines/gl_common/evas_gl_context.c index c153f5b..f97a712 100644 --- a/src/modules/evas/engines/gl_common/evas_gl_context.c +++ b/src/modules/evas/engines/gl_common/evas_gl_context.c @@ -4672,8 +4672,11 @@ _orig_shader_array_flush(Evas_Engine_GL_Context *gc) // TIZEN ONLY (20180823): Use PIO for Paletted png if(gc->pipe[i].array.use_palette) { - GL_TH(glUniform1f, prog->uniform.xDerivativeloc ,gc->pipe[i].shader.palette.xDerivative); - GL_TH(glUniform1f, prog->uniform.yDerivativeloc ,gc->pipe[i].shader.palette.yDerivative); + if (prog) + { + GL_TH(glUniform1f, prog->uniform.xDerivativeloc ,gc->pipe[i].shader.palette.xDerivative); + GL_TH(glUniform1f, prog->uniform.yDerivativeloc ,gc->pipe[i].shader.palette.yDerivative); + } GL_TH(glActiveTexture, ACTIVE_TEXTURE); GL_TH(glBindTexture, GL_TEXTURE_2D, gc->pipe[i].shader.palette.cur_texp); -- 2.7.4