Mesa (master): glsl: Don' t crash on function names with invalid identifiers.
Kenneth Graunke
kwg at kemper.freedesktop.org
Sun Nov 13 06:11:23 UTC 2016
Module: Mesa
Branch: master
Commit: 151aecabe4be9d45627ef1f6ae6b8d732cea0c28
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=151aecabe4be9d45627ef1f6ae6b8d732cea0c28
Author: Kenneth Graunke <kenneth at whitecape.org>
Date: Sat Nov 12 11:55:30 2016 -0800
glsl: Don't crash on function names with invalid identifiers.
Karol Herbst's fuzzing efforts noticed that we would segfault on:
void bug() {
2(0);
}
We just need to bail if the function name isn't an identifier.
Based on a bug fix by Karol Herbst.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97422
Signed-off-by: Kenneth Graunke <kenneth at whitecape.org>
Reviewed-by: Timothy Arceri <timothy.arceri at collabora.com>
---
src/compiler/glsl/ast_function.cpp | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/compiler/glsl/ast_function.cpp b/src/compiler/glsl/ast_function.cpp
index ac3b52d..3f353a3 100644
--- a/src/compiler/glsl/ast_function.cpp
+++ b/src/compiler/glsl/ast_function.cpp
@@ -2090,7 +2090,7 @@ ast_function_expression::hir(exec_list *instructions,
return handle_method(instructions, state);
} else {
const ast_expression *id = subexpressions[0];
- const char *func_name;
+ const char *func_name = NULL;
YYLTYPE loc = get_location();
exec_list actual_parameters;
ir_variable *sub_var = NULL;
@@ -2104,8 +2104,10 @@ ast_function_expression::hir(exec_list *instructions,
id->subexpressions[0],
id->subexpressions[1], &func_name,
&actual_parameters);
- } else {
+ } else if (id->oper == ast_identifier) {
func_name = id->primary_expression.identifier;
+ } else {
+ _mesa_glsl_error(&loc, state, "function name is not an identifier");
}
/* an error was emitted earlier */
More information about the mesa-commit
mailing list