Mesa (master): pan/bifrost: Avoid buffer overflow in disassembler
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Wed Aug 21 17:39:40 UTC 2019
Module: Mesa
Branch: master
Commit: cda0ec67e6a615c10ac75e7345c8982637526d8c
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=cda0ec67e6a615c10ac75e7345c8982637526d8c
Author: Alyssa Rosenzweig <alyssa.rosenzweig at collabora.com>
Date: Wed Aug 21 09:02:40 2019 -0700
pan/bifrost: Avoid buffer overflow in disassembler
This path shouldn't be possible for in-spec shaders, but let's be
defensive. (Because security, right? Mostly because Coverity.)
Signed-off-by: Alyssa Rosenzweig <alyssa.rosenzweig at collabora.com>
---
src/panfrost/bifrost/disassemble.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/panfrost/bifrost/disassemble.c b/src/panfrost/bifrost/disassemble.c
index c7e131d5d5b..19592e21b41 100644
--- a/src/panfrost/bifrost/disassemble.c
+++ b/src/panfrost/bifrost/disassemble.c
@@ -2177,7 +2177,7 @@ bool dump_clause(uint32_t *words, unsigned *size, unsigned offset, bool verbose)
// share a buffer in the decoder, but we only care about
// the position in the constant stream; the total number of
// instructions is redundant.
- unsigned const_idx = 7;
+ unsigned const_idx = 0;
switch (pos) {
case 0:
case 1:
@@ -2205,9 +2205,12 @@ bool dump_clause(uint32_t *words, unsigned *size, unsigned offset, bool verbose)
break;
default:
printf("# unknown pos 0x%x\n", pos);
+ break;
}
+
if (num_consts < const_idx + 2)
num_consts = const_idx + 2;
+
consts[const_idx] = const0;
consts[const_idx + 1] = const1;
done = stop;
More information about the mesa-commit
mailing list