Mesa (master): intel/blorp: Fix usage of uninitialized memory in key hashing
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Tue Nov 12 12:29:58 UTC 2019
Module: Mesa
Branch: master
Commit: d4c81820183ba08717fc8845484dc298bdee66a8
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=d4c81820183ba08717fc8845484dc298bdee66a8
Author: Danylo Piliaiev <danylo.piliaiev at globallogic.com>
Date: Wed Oct 30 16:14:06 2019 +0200
intel/blorp: Fix usage of uninitialized memory in key hashing
The automatically generated padding in structs contains
undefined values, force pack the structs to eliminate the
padding. Otherwise structs with the same values may generate
different hashes.
Valgrind output:
Conditional jump or move depends on uninitialised value(s)
util_fast_urem32 (fast_urem_by_const.h:71)
hash_table_search (hash_table.c:262)
_mesa_hash_table_search (hash_table.c:296)
anv_pipeline_cache_search_locked (anv_pipeline_cache.c:318)
anv_pipeline_cache_search (anv_pipeline_cache.c:335)
lookup_blorp_shader (anv_blorp.c:38)
blorp_params_get_mcs_partial_resolve_kernel (blorp_clear.c:1112)
blorp_mcs_partial_resolve (blorp_clear.c:1205)
anv_image_mcs_op (anv_blorp.c:1742)
anv_cmd_predicated_mcs_resolve (genX_cmd_buffer.c:774)
transition_color_buffer (genX_cmd_buffer.c:1159)
cmd_buffer_end_subpass (genX_cmd_buffer.c:4840)
Uninitialised value was created by a stack allocation
blorp_params_get_mcs_partial_resolve_kernel (blorp_clear.c:1103)
Signed-off-by: Danylo Piliaiev <danylo.piliaiev at globallogic.com>
Reviewed-by: Lionel Landwerlin <lionel.g.landwerlin at intel.com>
---
src/intel/blorp/blorp_clear.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/intel/blorp/blorp_clear.c b/src/intel/blorp/blorp_clear.c
index 901fde9095b..b8a68ffdbec 100644
--- a/src/intel/blorp/blorp_clear.c
+++ b/src/intel/blorp/blorp_clear.c
@@ -34,13 +34,14 @@
#define FILE_DEBUG_FLAG DEBUG_BLORP
+#pragma pack(push, 1)
struct brw_blorp_const_color_prog_key
{
enum blorp_shader_type shader_type; /* Must be BLORP_SHADER_TYPE_CLEAR */
bool use_simd16_replicated_data;
bool clear_rgb_as_red;
- bool pad[3];
};
+#pragma pack(pop)
static bool
blorp_params_get_clear_kernel(struct blorp_batch *batch,
@@ -108,10 +109,12 @@ blorp_params_get_clear_kernel(struct blorp_batch *batch,
return result;
}
+#pragma pack(push, 1)
struct layer_offset_vs_key {
enum blorp_shader_type shader_type;
unsigned num_inputs;
};
+#pragma pack(pop)
/* In the case of doing attachment clears, we are using a surface state that
* is handed to us so we can't set (and don't even know) the base array layer.
@@ -1089,6 +1092,7 @@ blorp_nir_bit(nir_builder *b, nir_ssa_def *src, unsigned bit)
nir_imm_int(b, 1));
}
+#pragma pack(push, 1)
struct blorp_mcs_partial_resolve_key
{
enum blorp_shader_type shader_type;
@@ -1096,6 +1100,7 @@ struct blorp_mcs_partial_resolve_key
bool int_format;
uint32_t num_samples;
};
+#pragma pack(pop)
static bool
blorp_params_get_mcs_partial_resolve_kernel(struct blorp_batch *batch,
More information about the mesa-commit
mailing list