From c741a478a1096212e93e881b58fdb654465bc19d Mon Sep 17 00:00:00 2001
From: Vito Caputo
Date: Tue, 17 Jan 2023 02:08:21 -0800
Subject: til_fb: don't dereference NULL fragment ops

For strictly logical fragments (e.g. tiled fragmenters) there won't be any ops, and that's even documented in the comments. But the snapshot and reclaim functoins were assuming the ops would be non-NULL. Snapshot in particular trips on this assumption when a module snapshots a subfragment, like drizzle in montage. I'm surprised I haven't encountered this crash before...
---
 src/til_fb.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/til_fb.c b/src/til_fb.c
index 536a6f2..6aa20b2 100644
--- a/src/til_fb.c
+++ b/src/til_fb.c
@@ -417,7 +417,7 @@ til_fb_fragment_t * til_fb_fragment_snapshot(til_fb_fragment_t **fragment_ptr, i
 	assert(fragment_ptr && *fragment_ptr);
 
 	/* when there's a snapshot method just let it do some magic */
-	if ((*fragment_ptr)->ops->snapshot)
+	if ((*fragment_ptr)->ops && (*fragment_ptr)->ops->snapshot)
 		return (*fragment_ptr)->ops->snapshot(fragment_ptr, preserve_original);
 
 	/* otherwise we just allocate a new fragment, and copy *fragment_ptr->buf to it */
@@ -444,7 +444,9 @@ til_fb_fragment_t * til_fb_fragment_snapshot(til_fb_fragment_t **fragment_ptr, i
 /* reclaim the fragment (for cleaning up snapshots) */
 til_fb_fragment_t * til_fb_fragment_reclaim(til_fb_fragment_t *fragment)
 {
-	if (fragment->ops->reclaim)
+	assert(fragment);
+
+	if (fragment->ops && fragment->ops->reclaim)
 		fragment->ops->reclaim(fragment);
 
 	return NULL;
-- 
cgit v1.2.1
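Review bot: The comment above the guarded `if` in til_fb_fragment_snapshot still reads as though ops is always present, so the reason for the new NULL check is only recoverable from the commit message. Suggest extending it to `/* ops may be NULL for purely logical fragments; when there's a snapshot method just let it do some magic */` so the next reader does not "simplify" the check away. The enclosing function starts and ends outside this hunk.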
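Review bot: The new `assert(fragment);` in til_fb_fragment_reclaim documents the precondition but compiles out under NDEBUG, so in a release build a NULL fragment still reaches the unconditional `fragment->ops` dereference on the following line. Since this is a cleanup path that returns NULL (presumably for callers to assign back over their pointer), it may be worth deciding explicitly whether a NULL argument is a programming error or a tolerated no-op; if the latter, `if (!fragment) return NULL;` ahead of the ops check gives the same protection in every build. The function's closing brace lies past the end of the hunk.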