When parsing texture instruction, it doesn't stop if the
'cur' is ',', the loop variable 'i' will also be increased
and be used to index the 'inst.TexOffsets' array. This can lead
an oob access issue. This patch avoid this.
Signed-off-by: Li Qiang <liq...@gmail.com>
---
src/gallium/auxiliary/tgsi/tgsi_text.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/gallium/auxiliary/tgsi/tgsi_text.c
b/src/gallium/auxiliary/tgsi/tgsi_text.c
index 308e6b5..4ed9050 100644
--- a/src/gallium/auxiliary/tgsi/tgsi_text.c
+++ b/src/gallium/auxiliary/tgsi/tgsi_text.c
@@ -1163,7 +1163,7 @@ parse_instruction(
cur = ctx->cur;
eat_opt_white( &cur );
- for (i = 0; inst.Instruction.Texture && *cur == ','; i++) {
+ for (i = 0; inst.Instruction.Texture && *cur == ',' && i <
TGSI_FULL_MAX_TEX_OFFSETS; i++) {
cur++;
eat_opt_white( &cur );
ctx->cur = cur;
--
2.7.4
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/mesa-dev
