From f64d9c889f7cfd1dd7c4bb034136bbd7020a82f2 Mon Sep 17 00:00:00 2001
From: Mark Lobodzinski
Date: Fri, 11 Nov 2016 15:27:12 -0700
Subject: layers: Add null checks to RetireWorkOnQueue
API misuse was causing invalid object dereferences and crashes.
Change-Id: I81ff28b029b984a106a6c60063810e61a07cb945
---
 layers/core_validation.cpp | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'layers/core_validation.cpp')
diff --git a/layers/core_validation.cpp b/layers/core_validation.cpp
index 09d41a99..32e9f908 100644
--- a/layers/core_validation.cpp
+++ b/layers/core_validation.cpp
@@ -4754,18 +4754,25 @@ static bool RetireWorkOnQueue(layer_data *dev_data, QUEUE_NODE *pQueue, uint64_t
 for (auto & wait : submission.waitSemaphores) {
 auto pSemaphore = getSemaphoreNode(dev_data, wait.semaphore);
- pSemaphore->in_use.fetch_sub(1);
+ if (pSemaphore) {
+ pSemaphore->in_use.fetch_sub(1);
+ }
 auto & lastSeq = otherQueueSeqs[wait.queue];
 lastSeq = std::max(lastSeq, wait.seq);
 }
 for (auto & semaphore : submission.signalSemaphores) {
 auto pSemaphore = getSemaphoreNode(dev_data, semaphore);
- pSemaphore->in_use.fetch_sub(1);
+ if (pSemaphore) {
+ pSemaphore->in_use.fetch_sub(1);
+ }
 }
 for (auto cb : submission.cbs) {
 auto cb_node = getCBNode(dev_data, cb);
+ if (!cb_node) {
+ continue;
+ }
 // First perform decrement on general case bound objects
 DecrementBoundResources(dev_data, cb_node);
 for (auto drawDataElement : cb_node->drawData) {
-- cgit v1.2.3
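Review bot: The three new null guards skip a missing node silently, so the application error that the commit message blames for the crashes leaves no trace at retire time; this applies to `if (pSemaphore)` in both semaphore loops and to `if (!cb_node) { continue; }` in the command-buffer loop. At minimum each guard should carry a comment saying why a tracked handle can have no node here, for example `// Node is gone if the app destroyed the object while the submission was still pending; skip instead of dereferencing.` Whether the destroy path already reports that misuse is not visible in this hunk, so confirm it does before relying on the silent skip. The `continue` also bypasses the rest of the per-command-buffer loop body, which runs past the end of the hunk, so check that nothing after it must still run for a command buffer whose node is missing.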