From 06b38dbab287026625de302e80e9806db206c43e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Marek=20Ol=C5=A1=C3=A1k?= <maraeo@gmail.com>
Date: Sat, 13 Jul 2013 00:19:55 +0200
Subject: [PATCH] winsys/radeon: allow a NULL cs pointer in radeon_bo_map to
 fix a segfault

The original idea was that cs=NULL should be allowed here, but we never used
NULL until 862f69fbe1e54e0e9a3c439450a14f. This fixes a segfault in CoreBreach.
---
 src/gallium/winsys/radeon/drm/radeon_drm_bo.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/gallium/winsys/radeon/drm/radeon_drm_bo.c b/src/gallium/winsys/radeon/drm/radeon_drm_bo.c
index bcd4b27..19e2715 100644
--- a/src/gallium/winsys/radeon/drm/radeon_drm_bo.c
+++ b/src/gallium/winsys/radeon/drm/radeon_drm_bo.c
@@ -458,7 +458,7 @@ static void *radeon_bo_map(struct radeon_winsys_cs_handle *buf,
                  * (neither one is changing it).
                  *
                  * Only check whether the buffer is being used for write. */
-                if (radeon_bo_is_referenced_by_cs_for_write(cs, bo)) {
+                if (cs && radeon_bo_is_referenced_by_cs_for_write(cs, bo)) {
                     cs->flush_cs(cs->flush_data, RADEON_FLUSH_ASYNC);
                     return NULL;
                 }
@@ -468,7 +468,7 @@ static void *radeon_bo_map(struct radeon_winsys_cs_handle *buf,
                     return NULL;
                 }
             } else {
-                if (radeon_bo_is_referenced_by_cs(cs, bo)) {
+                if (cs && radeon_bo_is_referenced_by_cs(cs, bo)) {
                     cs->flush_cs(cs->flush_data, RADEON_FLUSH_ASYNC);
                     return NULL;
                 }
@@ -489,19 +489,21 @@ static void *radeon_bo_map(struct radeon_winsys_cs_handle *buf,
                  * (neither one is changing it).
                  *
                  * Only check whether the buffer is being used for write. */
-                if (radeon_bo_is_referenced_by_cs_for_write(cs, bo)) {
+                if (cs && radeon_bo_is_referenced_by_cs_for_write(cs, bo)) {
                     cs->flush_cs(cs->flush_data, 0);
                 }
                 radeon_bo_wait((struct pb_buffer*)bo,
                                RADEON_USAGE_WRITE);
             } else {
                 /* Mapping for write. */
-                if (radeon_bo_is_referenced_by_cs(cs, bo)) {
-                    cs->flush_cs(cs->flush_data, 0);
-                } else {
-                    /* Try to avoid busy-waiting in radeon_bo_wait. */
-                    if (p_atomic_read(&bo->num_active_ioctls))
-                        radeon_drm_cs_sync_flush(rcs);
+                if (cs) {
+                    if (radeon_bo_is_referenced_by_cs(cs, bo)) {
+                        cs->flush_cs(cs->flush_data, 0);
+                    } else {
+                        /* Try to avoid busy-waiting in radeon_bo_wait. */
+                        if (p_atomic_read(&bo->num_active_ioctls))
+                            radeon_drm_cs_sync_flush(rcs);
+                    }
                 }
 
                 radeon_bo_wait((struct pb_buffer*)bo, RADEON_USAGE_READWRITE);
-- 
2.7.4