Mesa (master): gallium/tgsi: fix oob access in parse instruction
Dave Airlie
airlied at kemper.freedesktop.org
Tue Feb 7 04:00:43 UTC 2017
Module: Mesa
Branch: master
Commit: 83fb63d31de51cd49a947f68393672e97b307f37
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=83fb63d31de51cd49a947f68393672e97b307f37
Author: Li Qiang <liq3ea at gmail.com>
Date: Mon Jan 23 02:44:03 2017 -0500
gallium/tgsi: fix oob access in parse instruction
When parsing texture instruction, it doesn't stop if the
'cur' is ',', the loop variable 'i' will also be increased
and be used to index the 'inst.TexOffsets' array. This can lead
to an oob access issue. This patch avoids this.
Reviewed-by: Dave Airlie <airlied at redhat.com>
Signed-off-by: Li Qiang <liq3ea at gmail.com>
---
src/gallium/auxiliary/tgsi/tgsi_text.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/gallium/auxiliary/tgsi/tgsi_text.c b/src/gallium/auxiliary/tgsi/tgsi_text.c
index 308e6b5..4ed9050 100644
--- a/src/gallium/auxiliary/tgsi/tgsi_text.c
+++ b/src/gallium/auxiliary/tgsi/tgsi_text.c
@@ -1163,7 +1163,7 @@ parse_instruction(
cur = ctx->cur;
eat_opt_white( &cur );
- for (i = 0; inst.Instruction.Texture && *cur == ','; i++) {
+ for (i = 0; inst.Instruction.Texture && *cur == ',' && i < TGSI_FULL_MAX_TEX_OFFSETS; i++) {
cur++;
eat_opt_white( &cur );
ctx->cur = cur;
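Review bot: in the `for` condition of parse_instruction, the new `i < TGSI_FULL_MAX_TEX_OFFSETS` test ends the loop with `*cur` still pointing at ',' when the input carries more offsets than the array holds, and the visible lines do not show an error being reported for that case. Consider checking after the loop for `i == TGSI_FULL_MAX_TEX_OFFSETS && *cur == ','` and reporting a parse error explicitly, so an over-long offset list is rejected rather than left for whatever parsing follows. The condition line also runs well past 80 columns and could be wrapped.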