[Bug 94616] Invalid write in push_loop_stack

[bugzilla-daemon at freedesktop.org]

https://bugs.freedesktop.org/show_bug.cgi?id=94616

            Bug ID: 94616
           Summary: Invalid write in push_loop_stack
           Product: Mesa
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Drivers/DRI/i965
          Assignee: idr at freedesktop.org
          Reporter: marcandre.lureau at gmail.com
        QA Contact: intel-3d-bugs at lists.freedesktop.org

Created attachment 122424
  --> https://bugs.freedesktop.org/attachment.cgi?id=122424&action=edit
0001-i965-fix-invalid-memory-write.patch

I noticed some heap corruption running virgl tests, and valgrind
    helped me to track it down to the following error:

    ==29272== Invalid write of size 4
    ==29272==    at 0x90283D4: push_loop_stack (brw_eu_emit.c:1307)
    ==29272==    by 0x9029A7D: brw_DO (brw_eu_emit.c:1750)
    ==29272==    by 0x90554B0: fs_generator::generate_code(cfg_t const*, int)
(brw_fs_generator.cpp:1999)
    ==29272==    by 0x904491F: brw_compile_fs (brw_fs.cpp:5685)
    ==29272==    by 0x8FC5DC5: brw_codegen_wm_prog (brw_wm.c:137)
    ==29272==    by 0x8FC7663: brw_fs_precompile (brw_wm.c:638)
    ==29272==    by 0x8FA4040: brw_shader_precompile(gl_context*,
gl_shader_program*) (brw_link.cpp:51)
    ==29272==    by 0x8FA4A9A: brw_link_shader (brw_link.cpp:260)
    ==29272==    by 0x8DEF751: _mesa_glsl_link_shader (ir_to_mesa.cpp:3006)
    ==29272==    by 0x8C84325: _mesa_link_program (shaderapi.c:1042)
    ==29272==    by 0x8C851D7: _mesa_LinkProgram (shaderapi.c:1515)
    ==29272==    by 0x4E4B8E8: add_shader_program (vrend_renderer.c:880)
    ==29272==  Address 0xf2f3cb0 is 0 bytes after a block of size 112 alloc'd
    ==29272==    at 0x4C2AA98: calloc (vg_replace_malloc.c:711)
    ==29272==    by 0x8ED11F7: ralloc_size (ralloc.c:113)
    ==29272==    by 0x8ED1282: rzalloc_size (ralloc.c:134)
    ==29272==    by 0x8ED14C0: rzalloc_array_size (ralloc.c:196)
    ==29272==    by 0x9019C7B: brw_init_codegen (brw_eu.c:291)
    ==29272==    by 0x904F565: fs_generator::fs_generator(brw_compiler const*,
void*, void*, void const*, brw_stage_prog_data*, unsigned int, bool,
gl_shader_stage) (brw_fs_generator.cpp:124)
    ==29272==    by 0x9044883: brw_compile_fs (brw_fs.cpp:5675)
    ==29272==    by 0x8FC5DC5: brw_codegen_wm_prog (brw_wm.c:137)
    ==29272==    by 0x8FC7663: brw_fs_precompile (brw_wm.c:638)
    ==29272==    by 0x8FA4040: brw_shader_precompile(gl_context*,
gl_shader_program*) (brw_link.cpp:51)
    ==29272==    by 0x8FA4A9A: brw_link_shader (brw_link.cpp:260)
    ==29272==    by 0x8DEF751: _mesa_glsl_link_shader (ir_to_mesa.cpp:3006)


See attached patch for possible solution

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-3d-bugs/attachments/20160318/cb306b8b/attachment.html>