On Thu, May 26, 2016 at 11:42 AM, Rob Clark <robdcl...@gmail.com> wrote:
> On Thu, May 26, 2016 at 11:33 AM, Brian Paul <bri...@vmware.com> wrote:
>> On 05/26/2016 09:25 AM, Rob Clark wrote:
>>>
>>> From: Rob Clark <robcl...@freedesktop.org>
>>>
>>> CID 1271532 (#1 of 1): Out-of-bounds read (OVERRUN)34. overrun-local:
>>> Overrunning array of 2 16-byte elements at element index 2 (byte offset
>>> 32) by dereferencing pointer &inst.Dst[i].
>>>
>>> Signed-off-by: Rob Clark <robcl...@freedesktop.org>
>>> ---
>>> src/gallium/auxiliary/tgsi/tgsi_text.c | 3 +++
>>> 1 file changed, 3 insertions(+)
>>>
>>> diff --git a/src/gallium/auxiliary/tgsi/tgsi_text.c
>>> b/src/gallium/auxiliary/tgsi/tgsi_text.c
>>> index 955d042..8bdec06 100644
>>> --- a/src/gallium/auxiliary/tgsi/tgsi_text.c
>>> +++ b/src/gallium/auxiliary/tgsi/tgsi_text.c
>>> @@ -1081,6 +1081,9 @@ parse_instruction(
>>> inst.Memory.Qualifier = 0;
>>> }
>>>
>>> + assume(info->num_dst <= TGSI_FULL_MAX_DST_REGISTERS);
>>> + assume(info->num_src <= TGSI_FULL_MAX_SRC_REGISTERS);
>>> +
>>> /* Parse instruction operands.
>>> */
>>> for (i = 0; i < info->num_dst + info->num_src + info->is_tex; i++) {
>>>
>>
>> For both,
>> Reviewed-by: Brian Paul <bri...@vmware.com>
>>
>> Should the first be cc'd for stable?
>>
>
> yeah, first was a real issue (2nd was just to give coverity a hint)..
> first should go to however many stable branches are still a going
> concern, I think..
actually, turns out this code is newer than 11.2 so turns out we are
good for stable ;-)
BR,
-R
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/mesa-dev
