Mesa (master): glsl: Reject C-style initializers with unknown types.

[Matt Turner]

Module: Mesa
Branch: master
Commit: c889df3fbed64be8669d21e3d3c5d6db913255da
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=c889df3fbed64be8669d21e3d3c5d6db913255da

Author: Matt Turner <mattst88 at gmail.com>
Date:   Fri Jul 12 11:05:38 2013 -0700

glsl: Reject C-style initializers with unknown types.

_mesa_ast_set_aggregate_type walks through declarations initialized with
C-style aggregate initializers and stops when it runs out of LHS
declarations or RHS expressions.

In the example

   vec4 v = {{{1, 2, 3, 4}}};

_mesa_ast_set_aggregate_type would not recurse into the subexpressions
(since vec4s do not contain types that can be initialized with an
aggregate initializer) to set their <constructor_type>s. Later in ::hir
we would dereference the NULL pointer and segfault.

If <constructor_type> is NULL in ::hir we know that the LHS and RHS
were unbalanced and the code is illegal.

Arrays, structs, and matrices were unaffected.

Reviewed-by: Kenneth Graunke <kenneth at whitecape.org>
Reviewed-by: Chris Forbes <chrisf at ijw.co.nz>

---

 src/glsl/ast_function.cpp |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/src/glsl/ast_function.cpp b/src/glsl/ast_function.cpp
index 3918263..e34c1dd 100644
--- a/src/glsl/ast_function.cpp
+++ b/src/glsl/ast_function.cpp
@@ -1707,6 +1707,11 @@ ast_aggregate_initializer::hir(exec_list *instructions,
    void *ctx = state;
    YYLTYPE loc = this->get_location();
    const char *name;
+
+   if (!this->constructor_type) {
+      _mesa_glsl_error(&loc, state, "type of C-style initializer unknown");
+      return ir_rvalue::error_value(ctx);
+   }
    const glsl_type *const constructor_type =
       this->constructor_type->glsl_type(&name, state);