OpenHarmony/third_party_mesa3d
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

glsl: Fix buffer overflow with an atomic buffer binding out of range.

Browse Source 
The binding is checked against the limits later in the function, so we
need to make sure we don't overflow before the check here.

Fixes this valgrind warning (and sometimes segfault):

==1460== Invalid write of size 4
==1460==    at 0x74C98DD: ast_declarator_list::hir(exec_list*, _mesa_glsl_parse_state*) (ast_to_hir.cpp:4943)
==1460==    by 0x74C054F: _mesa_ast_to_hir(exec_list*, _mesa_glsl_parse_state*) (ast_to_hir.cpp:159)
==1460==    by 0x7435C12: _mesa_glsl_compile_shader (glsl_parser_extras.cpp:2130)

in

dEQP-GLES31.functional.debug.negative_coverage.get_error.compute.
   exceed_atomic_counters_limit

Reviewed-by: Timothy Arceri <tarceri@itsqueeze.com>
This commit is contained in:
Eric Anholt
2019-01-08 11:45:16 -08:00
parent 211b826790
commit 700aeaf9c8
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/compiler/glsl/ast_to_hir.cpp
View File

@@ -4940,6 +4940,7 @@ ast_declarator_list::hir(exec_list *instructions,
&& process_qualifier_constant(state, &loc, "offset",
type->qualifier.offset,
&qual_offset)) {
if (qual_binding < ARRAY_SIZE(state->atomic_counter_offsets))
state->atomic_counter_offsets[qual_binding] = qual_offset;
}
}