From 25fcf0adc35287a62a2bd194800004ef53ce99f7 Mon Sep 17 00:00:00 2001
From: Mykola Piatykop
Date: Wed, 1 Mar 2023 16:48:45 +0200
Subject: [PATCH] mesa: Fix use after free.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reset the pointer to the earlier free st_context. Check the st_context pointer before st_glFlush.

Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/8195
Signed-off-by: Mykola Piatykop
Reviewed-by: Marek Olšák
Part-of:
---
 src/mesa/main/context.c | 4 +++-
 src/mesa/state_tracker/st_context.c | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/mesa/main/context.c b/src/mesa/main/context.c
index 2b810b0d863..dcae7f64653 100644
--- a/src/mesa/main/context.c
+++ b/src/mesa/main/context.c
@@ -1502,7 +1502,9 @@ _mesa_make_current( struct gl_context *newCtx,
 curCtx->Const.ContextReleaseBehavior == GL_CONTEXT_RELEASE_BEHAVIOR_FLUSH) {
 FLUSH_VERTICES(curCtx, 0, 0);
- st_glFlush(curCtx, 0);
+ if (curCtx->st){
+ st_glFlush(curCtx, 0);
+ }
 }
 if (!newCtx) {
diff --git a/src/mesa/state_tracker/st_context.c b/src/mesa/state_tracker/st_context.c
index 6f430edc07e..c61aa17b972 100644
--- a/src/mesa/state_tracker/st_context.c
+++ b/src/mesa/state_tracker/st_context.c
@@ -371,6 +371,7 @@ st_destroy_context_priv(struct st_context *st, bool destroy_pipe)
 if (st->pipe && destroy_pipe)
 st->pipe->destroy(st->pipe);
+ st->ctx->st = NULL;
 FREE(st);
 }
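Review bot: The new guard `if (curCtx->st){` in _mesa_make_current is missing the space before the brace that the surrounding code uses (compare `if (!newCtx) {` two lines below), and it gives the reader no hint of when `curCtx->st` can be NULL here. Suggest `if (curCtx->st) { /* st may already be torn down: st_destroy_context_priv clears ctx->st */` so the next maintainer does not "simplify" the check away. Note also that `FLUSH_VERTICES(curCtx, 0, 0)` on the preceding line still runs unguarded; if that macro can reach driver state belonging to the destroyed st (its definition is not visible in this hunk), the whole release-behavior block should be skipped rather than only the st_glFlush call. _mesa_make_current begins and ends outside this hunk.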
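Review bot: The added `st->ctx->st = NULL;` in st_destroy_context_priv dereferences `st->ctx` without checking it; if any st_context can reach this destroy path before its `ctx` back-pointer is assigned (for example a failed creation), this becomes a NULL dereference, so either confirm that invariant or write `if (st->ctx) st->ctx->st = NULL;`. The line also deserves a why-comment, e.g. `/* ctx outlives st; drop the back-pointer so later flushes in _mesa_make_current see the st as gone */`, since the ordering before `FREE(st)` is the whole point of the fix. This patch only makes st_glFlush tolerate a NULL ctx->st; any other reader of ctx->st that can run between this point and the gl_context's own teardown now needs the same tolerance, which is worth checking. st_destroy_context_priv starts before this hunk.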