Comment 34 for bug 691653

Bryce Harrington (bryce) wrote :

Ok, that backtrace makes it pretty plain what's gone wrong:

Code:
    _buf = radeon_drm_bufmgr_create_buffer_from_handle(ws->kman, whandle->handle);

    if (stride)
        *stride = whandle->stride;
    if (size)
        *size = _buf->base.size;

State:
 #0 radeon_r300_winsys_buffer_from_handle (rws=<value optimized out>, whandle=0x7fffe69964b0, stride=0x7fffe69963f4, size=0x7fffe69963f0) at radeon_r300.c:123
         ws = <value optimized out>
         _buf = 0x0

So, it's a simple null pointer dereference. Now we have two questions:

* How/why did radeon_drm_bufmgr_create_buffer_from_handle() give us a null pointer?
* If that is a permissible return value, the code should check for it. Should it still call radeon_libdrm_winsys_buffer() in this case, or just return?
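An added example, not part of the original comment and not the driver's own code: a self-contained model of the crashing pattern with the NULL check in place before the first dereference. The types, the stub lookup and the choice to return early on failure are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the driver types; only the fields the
 * snippet above touches are modelled. */
struct pb_buffer { size_t size; };
struct drm_buf { struct pb_buffer base; };
struct winsys_handle { unsigned handle; unsigned stride; };

/* Constructed stub for the buffer-manager lookup: handle 0 stands for
 * any handle the manager cannot resolve, and yields NULL. */
static struct drm_buf *create_buffer_from_handle(unsigned handle)
{
    static struct drm_buf known = { { 4096 } };
    return handle != 0 ? &known : NULL;
}

/* Guarded version of the crashing pattern: test the lookup result
 * before the first dereference, and leave *stride and *size untouched
 * on failure so the caller never sees half-filled outputs. */
struct drm_buf *buffer_from_handle(const struct winsys_handle *whandle,
                                   unsigned *stride, unsigned *size)
{
    struct drm_buf *buf;

    if (whandle == NULL)
        return NULL;

    buf = create_buffer_from_handle(whandle->handle);
    if (buf == NULL)
        return NULL;            /* assumed "just return" option */

    if (stride)
        *stride = whandle->stride;
    if (size)
        *size = (unsigned)buf->base.size;
    return buf;
}

int main(void)
{
    struct winsys_handle bad = { 0, 256 };
    unsigned stride = 0, size = 0;

    if (buffer_from_handle(&bad, &stride, &size) == NULL)
        printf("lookup failed, outputs untouched: %u %u\n", stride, size);
    return 0;
}
```

Callers of such a function then need their own check on the returned pointer, otherwise the dereference just moves one frame up the stack.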