til_fb: don't dereference NULL fragment ops

For strictly logical fragments (e.g. tiled fragmenters) there won't be any ops, and that's even documented in the comments. But the snapshot and reclaim functoins were assuming the ops would be non-NULL. Snapshot in particular trips on this assumption when a module snapshots a subfragment, like drizzle in montage. I'm surprised I haven't encountered this crash before...
author: Vito Caputo <vcaputo@pengaru.com> 2023-01-17 02:08:21 -0800
committer: Vito Caputo <vcaputo@pengaru.com> 2023-01-17 21:47:02 -0800
commit: c741a478a1096212e93e881b58fdb654465bc19d (patch)
tree: 373ab23c8374cd0f41440618c1f4c2d26662c12f /src
parent: 8cc43dafc8f0d4ca04aa162573a44016f45ea364 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/src/til_fb.c b/src/til_fb.c
index 536a6f2..6aa20b2 100644
--- a/src/til_fb.c
+++ b/src/til_fb.c
@@ -417,7 +417,7 @@ til_fb_fragment_t * til_fb_fragment_snapshot(til_fb_fragment_t **fragment_ptr, i
 	assert(fragment_ptr && *fragment_ptr);
 
 	/* when there's a snapshot method just let it do some magic */
-	if ((*fragment_ptr)->ops->snapshot)
+	if ((*fragment_ptr)->ops && (*fragment_ptr)->ops->snapshot)
 		return (*fragment_ptr)->ops->snapshot(fragment_ptr, preserve_original);
 
 	/* otherwise we just allocate a new fragment, and copy *fragment_ptr->buf to it */
@@ -444,7 +444,9 @@ til_fb_fragment_t * til_fb_fragment_snapshot(til_fb_fragment_t **fragment_ptr, i
 /* reclaim the fragment (for cleaning up snapshots) */
 til_fb_fragment_t * til_fb_fragment_reclaim(til_fb_fragment_t *fragment)
 {
-	if (fragment->ops->reclaim)
+	assert(fragment);
+
+	if (fragment->ops && fragment->ops->reclaim)
 		fragment->ops->reclaim(fragment);
 
 	return NULL;
author	Vito Caputo <vcaputo@pengaru.com>	2023-01-17 02:08:21 -0800
committer	Vito Caputo <vcaputo@pengaru.com>	2023-01-17 21:47:02 -0800
commit	c741a478a1096212e93e881b58fdb654465bc19d (patch)
tree	373ab23c8374cd0f41440618c1f4c2d26662c12f /src
parent	8cc43dafc8f0d4ca04aa162573a44016f45ea364 (diff)