On Thu, May 26, 2016 at 11:33 AM, Brian Paul <bri...@vmware.com> wrote:
> On 05/26/2016 09:25 AM, Rob Clark wrote:
>>
>> From: Rob Clark <robcl...@freedesktop.org>
>>
>> CID 1271532 (#1 of 1): Out-of-bounds read (OVERRUN)34. overrun-local:
>> Overrunning array of 2 16-byte elements at element index 2 (byte offset
>> 32) by dereferencing pointer &inst.Dst[i].
>>
>> Signed-off-by: Rob Clark <robcl...@freedesktop.org>
>> ---
>> src/gallium/auxiliary/tgsi/tgsi_text.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/src/gallium/auxiliary/tgsi/tgsi_text.c
>> b/src/gallium/auxiliary/tgsi/tgsi_text.c
>> index 955d042..8bdec06 100644
>> --- a/src/gallium/auxiliary/tgsi/tgsi_text.c
>> +++ b/src/gallium/auxiliary/tgsi/tgsi_text.c
>> @@ -1081,6 +1081,9 @@ parse_instruction(
>> inst.Memory.Qualifier = 0;
>> }
>>
>> + assume(info->num_dst <= TGSI_FULL_MAX_DST_REGISTERS);
>> + assume(info->num_src <= TGSI_FULL_MAX_SRC_REGISTERS);
>> +
>> /* Parse instruction operands.
>> */
>> for (i = 0; i < info->num_dst + info->num_src + info->is_tex; i++) {
>>
>
> For both,
> Reviewed-by: Brian Paul <bri...@vmware.com>
>
> Should the first be cc'd for stable?
>
yeah, first was a real issue (2nd was just to give coverity a hint)..
first should go to however many stable branches are still a going
concern, I think..
BR,
-R
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/mesa-dev
