[Mesa-dev] [PATCH] svga: fix invalid memory reference in needs_to_create_zero()

Brian Paul brianp at vmware.com
Thu Jul 26 12:36:07 PDT 2012


The emit->key.fkey info is only valid if we're generating a fragment shader.
We should not look at it if we're generating a vertex shader.

When generating a vertex shader, the value of emit->key.fkey.num_textures was
garbage and the loop over num_textures would read invalid data.  At best
this would cause us to emit an unused constant.  At worse, we could segfault.
Just by dumb luck, fkey.num_textures was usually a smallish integer.

NOTE: This is a candidate for the 8.0 branch.
---
 src/gallium/drivers/svga/svga_tgsi_insn.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/gallium/drivers/svga/svga_tgsi_insn.c b/src/gallium/drivers/svga/svga_tgsi_insn.c
index ba10fa7..4770816 100644
--- a/src/gallium/drivers/svga/svga_tgsi_insn.c
+++ b/src/gallium/drivers/svga/svga_tgsi_insn.c
@@ -3126,6 +3126,11 @@ needs_to_create_zero( struct svga_shader_emitter *emit )
              emit->key.fkey.tex[i].swizzle_a > PIPE_SWIZZLE_ALPHA)
             return TRUE;
       }
+
+      for (i = 0; i < emit->key.fkey.num_textures; i++) {
+         if (emit->key.fkey.tex[i].compare_mode == PIPE_TEX_COMPARE_R_TO_TEXTURE)
+            return TRUE;
+      }
    }
 
    if (emit->unit == PIPE_SHADER_VERTEX) {
@@ -3150,11 +3155,6 @@ needs_to_create_zero( struct svga_shader_emitter *emit )
        emit->info.opcode_count[TGSI_OPCODE_KILP] >= 1)
       return TRUE;
 
-   for (i = 0; i < emit->key.fkey.num_textures; i++) {
-      if (emit->key.fkey.tex[i].compare_mode == PIPE_TEX_COMPARE_R_TO_TEXTURE)
-         return TRUE;
-   }
-
    return FALSE;
 }
 
-- 
1.7.3.4



More information about the mesa-dev mailing list