[Bug 71254] Mesa crash on shaders that have large number of active uniforms.

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Nov 5 11:39:51 CET 2013


https://bugs.freedesktop.org/show_bug.cgi?id=71254

Petri Latvala <petri.latvala at intel.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |petri.latvala at intel.com

--- Comment #2 from Petri Latvala <petri.latvala at intel.com> ---
Reproduced with current git version.

brw_vec4.hpp has

class vec4_visitor {
...
int uniform_size[MAX_UNIFORMS];
int uniform_vector_size[MAX_UNIFORMS];
...
};

Accesses to those arrays are not checked for valid index.

For a test, I added checks when vec4_visitor::uniforms gets increased (that
seems to be used as the index for those arrays directly) and called fail(...)
to get the compilation abort (after adding enough if (failed) checks
elsewhere). That reveals another issue when compiling that shader, which is
that visit(ir_expression*) calls visit(ir_expression*) recursively enough times
to overflow the stack. The default 8MB stack was overflown, 16MB was enough.

In a nutshell: This is an i965-specific bug, and will crash the process in one
of two ways.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/intel-3d-bugs/attachments/20131105/a62c7dce/attachment.html>


More information about the intel-3d-bugs mailing list