On 06/14/2013 05:12 PM, Myles C. Maxfield wrote:
Sorry for the triple post; I received a bounce email the first time and got 
sent to the spam folder the second time, so I'm trying a third time.

Hello, all. I was running Mesa with Address Sanitizer [1] turned on, and found 
one place where ASAN pointed out a read-before-initialized problem. In 
particular, in _mesa_add_parameter, in prog_parameter.c, |values| represents an 
array holding a variable number of values. These values get copied out of the 
array 4 at a time with the COPY_4V macro; however, the array might only contain 
a single element. In this case, ASAN reports a read-before-initialize because 
the last 3 of the 4 elements haven't been written to yet. I was hoping to 
contribute a patch that will silence this problem that ASAN reports. I'm happy 
to incorporate any feedback anyone has into this patch.

Thanks,
Myles C. Maxfield

[1] https://code.google.com/p/address-sanitizer/

diff --git a/src/mesa/program/prog_parameter.c 
b/src/mesa/program/prog_parameter.c
index 2018fa5..63915fb 100644
--- a/src/mesa/program/prog_parameter.c
+++ b/src/mesa/program/prog_parameter.c
@@ -158,7 +158,17 @@ _mesa_add_parameter(struct gl_program_parameter_list 
*paramList,
           p->DataType = datatype;
           p->Flags = flags;
           if (values) {
-            COPY_4V(paramList->ParameterValues[oldNum + i], values);
+            if (size & 3) {
+              for (j = 0; j < size; j++) {
+                paramList->ParameterValues[oldNum + i][j] = values[j];
+              }
+              /* silence asan */
+              for (j = size; j < 4; j++) {
+                paramList->ParameterValues[oldNum + i][j].f = 0;
+              }
+            } else {
+              COPY_4V(paramList->ParameterValues[oldNum + i], values);
+            }
              values += 4;
              p->Initialized = GL_TRUE;
           }
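Review bot: The first added loop, `for (j = 0; j < size; j++)`, indexes `paramList->ParameterValues[oldNum + i][j]` by the total `size` rather than by the components left for slot `i`, so whenever `size & 3` is nonzero and `size` is above 4 it writes past the 4-component slot. Because `values += 4` still runs on every pass, `values[j]` is also read from the already advanced pointer out to `size` again. Bound the copy by the number of components remaining for this slot (at most 4) and zero only from that count up to 4. Two smaller points: `j` is used with no declaration visible in these lines, and `/* silence asan */` would be more useful if it said the padding components are zeroed because the source holds fewer than four values.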

The value of 'size' can actually be greater than 4 (IIRC, and the function comment is still correct). For example, for a matrix, size=16. So the first for-loop should be fixed, just to be safe.

In the commit message, let's not use "ASAN" since it's not obvious that it means Address Sanitizer.

-Brian
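
The copy discussed in this thread, written as a stand-alone added example (not Mesa's code and not part of either message): it copies per 4-component slot, reads only the components the source holds, and zero-fills the tail of the last slot, covering sizes 1 through 16. The names `param_value`, `copy_param_values` and `padded_copy_ok` are hypothetical, and it assumes `values` holds exactly `size` components.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for Mesa's per-component value union. */
typedef union { float f; int i; unsigned u; } param_value;

/* Copy `size` components into consecutive 4-component slots, reading only
 * what `values` holds and zero-filling the unused tail of the last slot.
 * Returns the number of source components read. */
static size_t copy_param_values(param_value (*dst)[4],
                                const param_value *values, size_t size)
{
    size_t read = 0;
    for (size_t slot = 0; slot * 4 < size; slot++) {
        size_t remaining = size - slot * 4;
        size_t n = remaining < 4 ? remaining : 4;
        memcpy(dst[slot], values + slot * 4, n * sizeof(param_value));
        if (n < 4)
            memset(dst[slot] + n, 0, (4 - n) * sizeof(param_value));
        read += n;
    }
    return read;
}

/* Constructed check: only the first `size` (<= 16) source components are
 * initialized and the destination is poisoned; returns 1 if every slot
 * component ends up either copied or zero. */
static int padded_copy_ok(size_t size)
{
    param_value src[16], dst[4][4];
    for (size_t k = 0; k < size; k++)
        src[k].i = (int)k + 1;
    memset(dst, 0xAB, sizeof dst);
    if (copy_param_values(dst, src, size) != size)
        return 0;
    for (size_t k = 0; k < ((size + 3) / 4) * 4; k++)
        if (dst[k / 4][k % 4].i != (k < size ? (int)k + 1 : 0))
            return 0;
    return 1;
}

int main(void)
{
    size_t sizes[] = { 1, 3, 4, 6, 16 };
    for (size_t s = 0; s < sizeof sizes / sizeof sizes[0]; s++)
        printf("size=%zu ok=%d\n", sizes[s], padded_copy_ok(sizes[s]));
    return 0;
}
```

Building this with `-fsanitize=address` or `-fsanitize=memory` is a quick way to confirm that no component beyond `size` is read from the source.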



_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev
