Given the age of this bug, should this be a candidate for 10.4 and 10.5 stable branches?
On 03/10/2015 03:36 AM, Iago Toral Quiroga wrote: > The piglit test glsl-fs-uniform-array-loop-unroll.shader_test was designed > to do an out of bounds access into an uniform array to make sure that we > handle that situation gracefully inside the driver, however, as Ken describes > in bug 79202, Valgrind reports that this is leading to an out-of-bounds access > in fs_visitor::demote_pull_constants(). > > Before accessing the pull_constant_loc array we should make sure that > the uniform we are trying to access is valid. > > Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=79202 > --- > src/mesa/drivers/dri/i965/brw_fs.cpp | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/src/mesa/drivers/dri/i965/brw_fs.cpp > b/src/mesa/drivers/dri/i965/brw_fs.cpp > index 89754ad..6d7cf0e 100644 > --- a/src/mesa/drivers/dri/i965/brw_fs.cpp > +++ b/src/mesa/drivers/dri/i965/brw_fs.cpp > @@ -2281,8 +2281,13 @@ fs_visitor::demote_pull_constants() > if (inst->src[i].file != UNIFORM) > continue; > > - int pull_index = pull_constant_loc[inst->src[i].reg + > - inst->src[i].reg_offset]; > + int pull_index; > + unsigned location = inst->src[i].reg + inst->src[i].reg_offset; > + if (location >= uniforms) /* Out of bounds access */ > + pull_index = -1; > + else > + pull_index = pull_constant_loc[location]; > + > if (pull_index == -1) > continue; > _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/mesa-dev
