mesa/st: fix possible crash related to arb invalid memory access

This invalid memory access is a consequence of wrong assumptions, for instance: "prog->sh.data is NULL if it's ARB_fragment_program" This issue is triggered with piglit/fp-formats -auto -fbo: ==9747==ERROR: AddressSanitizer: heap-use-after-free on address 0x007f7c812d90 at pc 0x007f833c09f8 bp 0x007fd7eca750 sp 0x007fd7eca768 READ of size 4 at 0x007f7c812d90 thread T0 #0 0x7f833c09f4 in st_get_sampler_views ../src/mesa/state_tracker/st_atom_texture.c:109 #1 0x7f833c0b48 in update_textures ../src/mesa/state_tracker/st_atom_texture.c:266 #2 0x7f82b2d120 in st_validate_state ../src/mesa/state_tracker/st_util.h:128 #3 0x7f82b2d120 in prepare_draw ../src/mesa/state_tracker/st_draw.c:88 #4 0x7f82b2de64 in st_draw_gallium ../src/mesa/state_tracker/st_draw.c:141 #5 0x7f83105940 in _mesa_draw_arrays ../src/mesa/main/draw.c:1202 #6 0x7f8d5fa5cc in piglit_draw_rect_from_arrays piglit/tests/util/piglit-util-gl.c:711 #7 0x7f8d5fac34 in piglit_draw_rect_custom piglit/tests/util/piglit-util-gl.c:833 #8 0x4019e0 in piglit_display piglit/tests/shaders/fp-formats.c:67 #9 0x7f8d643fc4 in run_test piglit/tests/util/piglit-framework-gl/piglit_fbo_framework.c:52 #10 0x401624 in main piglit/tests/shaders/fp-formats.c:39 Signed-off-by: Patrick Lerda <patrick9876@free.fr> Reviewed-by: Marek Olšák <marek.olsak@amd.com> Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/21175>
2023-02-08 15:28:08 +01:00
parent 620baf9c42
commit b2c340c106
11 changed files with 37 additions and 38 deletions
--- a/src/compiler/glsl/gl_nir_linker.c
+++ b/src/compiler/glsl/gl_nir_linker.c
@@ -904,12 +904,11 @@ validate_sampler_array_indexing(const struct gl_constants *consts,
                           "expressions is forbidden in GLSL %s %u";
         /* Backend has indicated that it has no dynamic indexing support. */
         if (no_dynamic_indexing) {
-            linker_error(prog, msg, prog->IsES ? "ES" : "",
-                         prog->data->Version);
+            linker_error(prog, msg, prog->IsES ? "ES" : "", prog->GLSL_Version);
            return false;
         } else {
            linker_warning(prog, msg, prog->IsES ? "ES" : "",
-                           prog->data->Version);
+                           prog->GLSL_Version);
         }
      }
   }
@@ -933,8 +932,8 @@ gl_nir_link_glsl(const struct gl_constants *consts,
    * with loop induction variable. This check emits a warning or error
    * depending if backend can handle dynamic indexing.
    */
-   if ((!prog->IsES && prog->data->Version < 130) ||
-       (prog->IsES && prog->data->Version < 300)) {
+   if ((!prog->IsES && prog->GLSL_Version < 130) ||
+       (prog->IsES && prog->GLSL_Version < 300)) {
      if (!validate_sampler_array_indexing(consts, prog))
         return false;
   }