[Bug 102265] Segfault in `ir_dereference_variable::ir_dereference_variable` dereferencing NULL variable

bugzilla-daemon at freedesktop.org
Wed Aug 16 15:42:48 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=102265

            Bug ID: 102265
           Summary: Segfault in
                    `ir_dereference_variable::ir_dereference_variable`
                    dereferencing NULL variable
           Product: Mesa
           Version: 17.2
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: glsl-compiler
          Assignee: mesa-dev at lists.freedesktop.org
          Reporter: pmenzel+bugs.freedesktop at molgen.mpg.de
        QA Contact: intel-3d-bugs at lists.freedesktop.org

Created attachment 133555
  --> https://bugs.freedesktop.org/attachment.cgi?id=133555&action=edit
Stack trace captured with GDB

The test added in bug 100438 crashes in radeonsi_dri.so (Linux 4.9.43, Mesa
17.1.6, libdrm 2.4.82).


```
glslparsertest[28096]: segfault at 20 ip 00007f52efb31088 sp 00007ffcac4e67e0
error 4 in radeonsi_dri.so[7f52ef82e000+964000]
```

Here is the backtrace.

```
ir_dereference_variable::ir_dereference_variable (var=0x0, this=0x776400) at
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/compiler/glsl/ir.cpp:1391
1391   
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/compiler/glsl/ir.cpp: No
such file or directory.
#0  ir_dereference_variable::ir_dereference_variable (var=0x0, this=0x776400)
at
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/compiler/glsl/ir.cpp:1391
#1  ir_dereference_array::ir_dereference_array (this=0x776390, var=0x0,
array_index=0x775120) at
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/compiler/glsl/ir.cpp:1411
#2  0x00007ffff1f17f9b in generate_array_index (mem_ctx=mem_ctx@entry=0x7627c0,
instructions=instructions@entry=0x775090, state=state@entry=0x7627c0, loc=...,
array=<optimized out>, idx=<optimized out>,
function_name=function_name@entry=0x7fffffffe480,
actual_parameters=0x7fffffffe4b0) at
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/compiler/glsl/ast_function.cpp:668
#3  0x00007ffff1f1af98 in ast_function_expression::hir (this=0x763b00,
instructions=0x775090, state=0x7627c0) at
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/compiler/glsl/ast_function.cpp:2191
#4  0x00007ffff1f225d3 in ast_expression_statement::hir (this=<optimized out>,
instructions=<optimized out>, state=<optimized out>) at
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/compiler/glsl/ast_to_hir.cpp:2201
#5  0x00007ffff1f2262f in ast_compound_statement::hir (this=0x763c70,
instructions=0x775090, state=0x7627c0) at
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/compiler/glsl/ast_to_hir.cpp:2217
#6  0x00007ffff1f2872a in ast_function_definition::hir (this=0x763cd0,
instructions=<optimized out>, state=0x7627c0) at
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/compiler/glsl/ast_to_hir.cpp:5853
#7  0x00007ffff1f1f5f8 in _mesa_ast_to_hir (instructions=0x765020,
state=state@entry=0x7627c0) at
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/compiler/glsl/ast_to_hir.cpp:155
#8  0x00007ffff1f80b6a in _mesa_glsl_compile_shader (ctx=ctx@entry=0x71c1f0,
shader=shader@entry=0x762650, dump_ast=dump_ast@entry=false,
dump_hir=dump_hir@entry=false, force_recompile=force_recompile@entry=false) at
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/compiler/glsl/glsl_parser_extras.cpp:2071
#9  0x00007ffff1e1f4b4 in _mesa_compile_shader (ctx=0x71c1f0, sh=0x762650) at
/dev/shm/bee-root/mesalib/mesalib-17.1.6-0/source/src/mesa/main/shaderapi.c:1044
#10 0x00007ffff7a9b1f6 in stub_glCompileShader (shader=1) at
/dev/shm/piglit/tests/util/piglit-dispatch-gen.c:7084
#11 0x0000000000401f7f in test () at
/dev/shm/piglit/tests/glslparsertest/glslparsertest.c:303
#12 0x000000000040271d in piglit_init (argc=4, argv=0x7fffffffe998) at
/dev/shm/piglit/tests/glslparsertest/glslparsertest.c:543
#13 0x00007ffff7b3737b in run_test (gl_fw=0x615c20, argc=4,
argv=0x7fffffffe998) at
/dev/shm/piglit/tests/util/piglit-framework-gl/piglit_winsys_framework.c:73
#14 0x00007ffff7b1bb5d in piglit_gl_test_run (argc=4, argv=0x7fffffffe998,
config=0x7fffffffe850) at /dev/shm/piglit/tests/util/piglit-framework-gl.c:223
#15 0x000000000040199e in main (argc=4, argv=0x7fffffffe998) at
/dev/shm/piglit/tests/glslparsertest/glslparsertest.c:90
```

The full stack trace is attached.

[1] https://bugs.freedesktop.org/show_bug.cgi?id=100438
