Re: [Mesa-dev] [PATCH] gallium/tgsi: fix oob access in parse instruction

2017-02-06 Thread Li Qiang
Hello, Ping! 2017-01-23 15:44 GMT+08:00 Li Qiang : > When parsing texture instruction, it doesn't stop if the > 'cur' is ',', the loop variable 'i' will also be increased > and be used to index the 'inst.TexOffsets' array. This can lead &g

[Mesa-dev] [PATCH v2] gallium/tgsi: fix memory leak in tgsi sanity check

2017-01-24 Thread Li Qiang
Fix the leak of some ctx fields in error path. Suggested-by: Marc-André Lureau Signed-off-by: Li Qiang --- src/gallium/auxiliary/tgsi/tgsi_sanity.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/gallium/auxiliary/tgsi/tgsi_sanity.c b/src/gallium/auxiliary/tgsi

[Mesa-dev] [PATCH] gallium/tgsi: fix oob access in parse instruction

2017-01-23 Thread Li Qiang
When parsing texture instruction, it doesn't stop if the 'cur' is ',', the loop variable 'i' will also be increased and be used to index the 'inst.TexOffsets' array. This can lead to an oob access issue. This patch avoids this. Signed-off-by: Li Qiang --

Re: [Mesa-dev] [PATCH] gallium/tgsi: fix oob access in parse instruction

2017-01-23 Thread Li Qiang
x the 'inst.TexOffsets' array. This can lead to > > an oob access issue. This patch avoids this. > > > > Signed-off-by: Li Qiang > > --- > > src/gallium/auxiliary/tgsi/tgsi_text.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > >

[Mesa-dev] [PATCH] gallium/tgsi: fix memory leak in tgsi sanity check

2017-01-23 Thread Li Qiang
Fix the leak of some ctx fields in error path. Signed-off-by: Li Qiang --- src/gallium/auxiliary/tgsi/tgsi_sanity.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/gallium/auxiliary/tgsi/tgsi_sanity.c b/src/gallium/auxiliary/tgsi/tgsi_sanity.c index f867925

[Mesa-dev] [PATCH v3] gallium/tgsi: fix overflow in parse property

2017-01-10 Thread Li Qiang
In parse_identifier, it doesn't stop copying '*pcur' until it encounters the NULL. As the 'ret' has a fixed-size buffer, if the '*pcur' has a long string, there will be a buffer overflow. This patch avoids this. Signed-off-by: Li Qiang --- src/gallium/auxiliar

[Mesa-dev] [PATCH] gallium/tgsi: fix overflow in parse property

2017-01-09 Thread Li Qiang
In parse_identifier, it doesn't stop copying '*pcur' until it encounters the NULL. As the 'ret' has a fixed-size buffer, if the '*pcur' has a long string, there will be a buffer overflow. This patch avoids this. Signed-off-by: Li Qiang --- src/gallium/auxiliary/

[Mesa-dev] [PATCH v2] gallium/tgsi: fix overflow in parse property

2017-01-09 Thread Li Qiang
In parse_identifier, it doesn't stop copying '*pcur' until it encounters the NULL. As the 'ret' has a fixed-size buffer, if the '*pcur' has a long string, there will be a buffer overflow. This patch avoids this. Signed-off-by: Li Qiang --- src/gallium/auxiliar