From 0471f83b07ad304cc79c60e1e4ddd6ecebb6784c Mon Sep 17 00:00:00 2001
From: Erik Faye-Lund
Date: Tue, 1 Dec 2020 10:59:48 +0100
Subject: [PATCH] util/slab: do not dereference NULL-pointer

This used to not be a problem, because these mutexes were the first members of this array, meaning that we ended up trying to lock/unlock NULL mutexes. But this isn't guaranteed to be allowed, so we were relying on luck here.

Recently, this changed. We introduced asserts for NULL-pointers, and changed the behavior in a way that leads to crashes in release-builds. This means we can't rely on luck any longer.

Fixes: e3171037539 ("c11/threads: Remove Win32 null checks")
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/3903
Reviewed-by: Eric Anholt
Part-of:
---
 src/util/slab.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/util/slab.c b/src/util/slab.c
index 62634034fdc..b0f07e0202d 100644
--- a/src/util/slab.c
+++ b/src/util/slab.c
@@ -257,7 +257,8 @@ void slab_free(struct slab_child_pool *pool, void *ptr)
    }
 
    /* The slow case: migration or an orphaned page. */
-   mtx_lock(&pool->parent->mutex);
+   if (pool->parent)
+      mtx_lock(&pool->parent->mutex);
 
    /* Note: we _must_ re-read elt->owner here because the owning child pool
     * may have been destroyed by another thread in the meantime.
@@ -268,9 +269,11 @@ void slab_free(struct slab_child_pool *pool, void *ptr)
       struct slab_child_pool *owner = (struct slab_child_pool *)owner_int;
       elt->next = owner->migrated;
       owner->migrated = elt;
-      mtx_unlock(&pool->parent->mutex);
+      if (pool->parent)
+         mtx_unlock(&pool->parent->mutex);
    } else {
-      mtx_unlock(&pool->parent->mutex);
+      if (pool->parent)
+         mtx_unlock(&pool->parent->mutex);
       slab_free_orphaned(elt);
    }
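Review bot: The lock and the two unlocks (second hunk) each re-read `pool->parent` independently, so if the parent pointer can be cleared between the lock and the unlock — the context comment right below notes that a child pool may be destroyed by another thread in the meantime — the mutex would be left held, which is a silent deadlock rather than the crash this patch removes. Reading the pointer once into a local and using it for both lock and unlock makes the pairing unconditional: `struct slab_parent_pool *parent = pool->parent;` then `if (parent) mtx_lock(&parent->mutex);` and `if (parent) mtx_unlock(&parent->mutex);` at both unlock sites. It would also help to state in a comment under which circumstances `pool->parent` is legitimately NULL here, since the migration onto `owner->migrated` then runs without any lock, which is presumably only safe in a single-threaded pool configuration. The body of slab_free starts before and ends after these hunks.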