From 0f0c40de682ad3bc0479feaa018302b4daaf6c70 Mon Sep 17 00:00:00 2001 From: Corentin Wallez Date: Thu, 14 Feb 2019 18:13:47 +0000 Subject: [PATCH] QueueSumit: Validate commands != nullptr before checking they are valid device->ValidateObject dereferences the object and would crash when the command buffers are nullptr. This issue would have disappeared when WebGPU error handling is implemented for command buffers. We still fix it now to please fuzzers. BUG=dawn:8 BUG=chromium:931880 Change-Id: Ia9d89ebdde9e2ac93de58da2201708c400a712c7 Reviewed-on: https://dawn-review.googlesource.com/c/4740 Reviewed-by: Austin Eng Commit-Queue: Corentin Wallez --- src/dawn_native/Queue.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/dawn_native/Queue.cpp b/src/dawn_native/Queue.cpp
index 6fc9af92e4..ae070e3192 100644
--- a/src/dawn_native/Queue.cpp
+++ b/src/dawn_native/Queue.cpp
@@ -51,14 +51,14 @@ namespace dawn_native {
 DAWN_TRY(GetDevice()->ValidateObject(this));
 for (uint32_t i = 0; i < numCommands; ++i) {
- DAWN_TRY(GetDevice()->ValidateObject(commands[i]));
-
 // TODO(cwallez@chromium.org): Remove this once CommandBufferBuilder doesn't use the
 // builder mechanism anymore.
 if (commands[i] == nullptr) {
 return DAWN_VALIDATION_ERROR("Command buffers cannot be null");
 }
+ DAWN_TRY(GetDevice()->ValidateObject(commands[i]));
+
 const CommandBufferResourceUsage& usages = commands[i]->GetResourceUsages();
 for (const PassResourceUsage& passUsages : usages.perPass) {
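Review bot: Nothing in the new code records that the `commands[i] == nullptr` check must run before `ValidateObject(commands[i])`, and the only comment on that check is a TODO asking for it to be removed. Since the commit message says ValidateObject dereferences its argument, a one-line note above the moved call would keep the order from being undone in a later cleanup, for example `// Keep after the null check: ValidateObject() dereferences commands[i].` The diffstat lists only src/dawn_native/Queue.cpp, so no test appears to pin this. A validation test that submits an array containing a null command buffer and expects the "Command buffers cannot be null" error would catch a regression without relying on the fuzzer. The enclosing function begins and ends outside the hunk, so whether `commands` itself is checked when `numCommands` is non-zero cannot be seen from here.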