Mesa (master): glsl: fix crashes on out of bound matrix access using constant index
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Tue Aug 18 11:52:11 UTC 2020
Module: Mesa
Branch: master
Commit: 16f1d8b3910496e04faba22f5d7b0ba84c07e6ad
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=16f1d8b3910496e04faba22f5d7b0ba84c07e6ad
Author: Marcin Ślusarz <marcin.slusarz at intel.com>
Date: Mon May 11 23:26:40 2020 +0200
glsl: fix crashes on out of bound matrix access using constant index
Fixes these piglit tests:
- spec@glsl-1.20@execution@matrix-out-of-bounds-access@fs-mat4-out-of-bounds-2
- spec@glsl-1.20@execution@matrix-out-of-bounds-access@fs-mat4-out-of-bounds-4
- spec@glsl-1.20@execution@matrix-out-of-bounds-access@fs-mat4-out-of-bounds-5
Signed-off-by: Marcin Ślusarz <marcin.slusarz at intel.com>
Reviewed-by: Danylo Piliaiev <danylo.piliaiev at globallogic.com>
Reviewed-by: Matt Turner <mattst88 at gmail.com>
Reviewed-by: Eric Anholt <eric at anholt.net>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/4998>
---
.gitlab-ci/piglit/quick_shader.txt | 7 ++-----
src/compiler/glsl/ir_constant_expression.cpp | 13 +++++++++++++
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/.gitlab-ci/piglit/quick_shader.txt b/.gitlab-ci/piglit/quick_shader.txt
index cfe6e67bf76..1f1c83e86b0 100644
--- a/.gitlab-ci/piglit/quick_shader.txt
+++ b/.gitlab-ci/piglit/quick_shader.txt
@@ -369,9 +369,6 @@ spec/glsl-1.10/execution/built-in-functions/fs-pow-float-float: fail
spec/glsl-1.10/execution/built-in-functions/vs-pow-float-float: fail
spec/glsl-1.10/preprocessor/extension-defined-test: skip
spec/glsl-1.10/preprocessor/extension-if-1: skip
-spec/glsl-1.20/execution/matrix-out-of-bounds-access/fs-mat4-out-of-bounds-2: crash
-spec/glsl-1.20/execution/matrix-out-of-bounds-access/fs-mat4-out-of-bounds-4: crash
-spec/glsl-1.20/execution/matrix-out-of-bounds-access/fs-mat4-out-of-bounds-5: crash
spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-1: crash
spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-2: crash
spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-4: crash
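Review bot: The context lines at the end of this hunk still list `fs-vec4-out-of-bounds-1`, `-2` and `-4` under `vector-out-of-bounds-access` as `crash`, so only the matrix variant of the constant-index out-of-bounds case is covered by this change. Either say in the commit message that the vector cases are deliberately left for a follow-up, or extend the fix so these three expectations can be dropped as well.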
@@ -598,9 +595,9 @@ spec/nv_viewport_swizzle/viewport_swizzle: skip
summary:
name: results
---- --------
- pass: 15778
+ pass: 15781
fail: 104
- crash: 178
+ crash: 175
skip: 315
timeout: 0
warn: 0
diff --git a/src/compiler/glsl/ir_constant_expression.cpp b/src/compiler/glsl/ir_constant_expression.cpp
index 47049d0202b..1f2f786e2f0 100644
--- a/src/compiler/glsl/ir_constant_expression.cpp
+++ b/src/compiler/glsl/ir_constant_expression.cpp
@@ -955,6 +955,19 @@ ir_dereference_array::constant_expression_value(void *mem_ctx,
const glsl_type *const column_type = array->type->column_type();
+ /* Section 5.11 (Out-of-Bounds Accesses) of the GLSL 4.60 spec says:
+ *
+ * In the subsections described above for array, vector, matrix and
+ * structure accesses, any out-of-bounds access produced undefined
+ * behavior....Out-of-bounds reads return undefined values, which
+ * include values from other variables of the active program or zero.
+ */
+ if (idx->value.i[0] < 0 || column >= array->type->matrix_columns) {
+ ir_constant_data data = { { 0 } };
+
+ return new(mem_ctx) ir_constant(column_type, &data);
+ }
+
/* Offset in the constant matrix to the first element of the column
* to be extracted.
*/
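Review bot: On the added `if` line the lower bound is tested on `idx->value.i[0]` while the upper bound is tested on `column`, whose declaration and type are outside this hunk, so the patch alone does not show that both tests cover the same value or how the comparison with `array->type->matrix_columns` behaves for a negative index. Consider testing both bounds against one variable, or add a short comment on how `column` is derived from `idx`. The spec quote above the check allows "values from other variables of the active program or zero"; it would help to state in that comment that this code deliberately picks zero (`ir_constant_data data = { { 0 } };`) rather than leaving the reader to infer it.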