[Mesa-dev] [RFC 3/7] nir: coverity uninitialized pointer read

Rob Clark robdclark at gmail.com
Wed May 18 15:54:11 UTC 2016


From: Rob Clark <robclark at freedesktop.org>

Not sure how coverity arrives at the conclusion that we can read comp[j]
uninitialized (around line 204), other than not being aware that ncomp is
greater than 1 so it won't underflow in the 'if (tex->is_array)' case.
---
 src/compiler/nir/nir_lower_tex.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/compiler/nir/nir_lower_tex.c b/src/compiler/nir/nir_lower_tex.c
index a080475..c05d48b 100644
--- a/src/compiler/nir/nir_lower_tex.c
+++ b/src/compiler/nir/nir_lower_tex.c
@@ -177,6 +177,12 @@ saturate_src(nir_builder *b, nir_tex_instr *tex, unsigned sat_mask)
       /* split src into components: */
       nir_ssa_def *comp[4];
 
+      /* NOTE: coord_components won't be >4 or <1 but coverity doesn't
+       * know this:
+       */
+      assume(tex->coord_components < ARRAY_SIZE(comp));
+      assume(tex->coord_components >= 1);
+
       for (unsigned j = 0; j < tex->coord_components; j++)
          comp[j] = nir_channel(b, src, j);
 
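Review bot: the upper-bound assume uses `<` where the comment and the array size call for `<=`. comp has 4 elements and the loop writes comp[j] only for j < coord_components, so a value of 4 is in bounds, and the comment itself says the value "won't be >4"; as written, `assume(tex->coord_components < ARRAY_SIZE(comp));` asserts that 4 never occurs. Suggest `assume(tex->coord_components <= ARRAY_SIZE(comp));` so the stated invariant, the comment and the loop bound agree. The commit message also says the flagged read is around line 204 in the `if (tex->is_array)` path, which is outside this hunk, so it is worth confirming that the `>= 1` assume placed here is what actually silences the report there.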
-- 
2.5.5


