[Bug 99677] heap-use-after-free in glsl

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Feb 7 08:46:44 UTC 2017


--- Comment #3 from Samuel Iglesias <siglesias at igalia.com> ---
(In reply to Bartosz Tomczyk from comment #2)
> Hi Samuel,
> I don't have setup to reproduce it right now. I will update you will more
> details in the evening.
> But I looked at current mesa git and the bug is definitively there.
> Look at  src/compiler/glsl/ast_to_hir.cpp:5210 - function
> get_variable_being_redeclared can free 'var',  and then it could be
> dereferenced at src/compiler/glsl/ast_to_hir.cpp:5266. This is exactly what
> address sanitizer showed.

Right. Thanks!

You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-3d-bugs/attachments/20170207/5bfdc9cc/attachment-0001.html>

More information about the intel-3d-bugs mailing list