Mesa (20.3): glsl: avoid an out-of-bound access while setting up a location for variable
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Tue Dec 1 17:45:02 UTC 2020
Module: Mesa
Branch: 20.3
Commit: 6e72700f8426721b97a2197ce335d44fa516d09d
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=6e72700f8426721b97a2197ce335d44fa516d09d
Author: Andrii Simiklit <andrii.simiklit at globallogic.com>
Date: Thu Oct 29 17:05:19 2020 +0200
glsl: avoid an out-of-bound access while setting up a location for variable
It fixes the following valgrind issue:
==141996== Invalid read of size 4
==141996== at 0x61F8806: gl_nir_link_uniforms (gl_nir_link_uniforms.c:1788)
==141996== by 0x60F17AA: gl_nir_link_glsl (gl_nir_linker.c:672)
==141996== by 0x5C1AEDF: st_link_nir (st_glsl_to_nir.cpp:739)
==141996== by 0x5C15574: st_link_shader (st_glsl_to_ir.cpp:172)
==141996== by 0x5C673B0: _mesa_glsl_link_shader (ir_to_mesa.cpp:3117)
==141996== by 0x5E7B61C: link_program (shaderapi.c:1311)
==141996== by 0x5E7B61C: link_program_error (shaderapi.c:1419)
==141996== by 0x5E7CF8A: _mesa_LinkProgram (shaderapi.c:1911)
==141996== by 0x4923D13: stub_glLinkProgram (piglit-dispatch-gen.c:33956)
==141996== by 0x1142C0: link_and_use_shaders (shader_runner.c:1636)
==141996== by 0x1205A6: init_test (shader_runner.c:5347)
==141996== by 0x121555: piglit_init (shader_runner.c:5725)
==141996== by 0x4991C84: run_test (piglit_fbo_framework.c:50)
It can be reproduced on `iris` using the following piglit test:
instance-matching-shader-storage-blocks-align-qualifier-mismatch.shader_test
Closes: #3818
Reviewed-by: Ian Romanick <ian.d.romanick at intel.com>
Fixes: 47c35823 ("glsl: fix up location setting for variables pointing to a UBO's base")
Signed-off-by: Mike Blumenkrantz <michael.blumenkrantz at gmail.com>
Signed-off-by: Andrii Simiklit <andrii.simiklit at globallogic.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/7376>
(cherry picked from commit a941618a1fc361ad6089753b39dc3bcea71d8fe9)
---
.pick_status.json | 2 +-
src/compiler/glsl/gl_nir_link_uniforms.c | 10 ++++++----
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/.pick_status.json b/.pick_status.json
index 4c67a8de0da..7b16f5387d5 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -1939,7 +1939,7 @@
"description": "glsl: avoid an out-of-bound access while setting up a location for variable",
"nominated": true,
"nomination_type": 1,
- "resolution": 0,
+ "resolution": 1,
"master_sha": null,
"because_sha": "47c358233d45747def3b796c37ae92df86860141"
},
diff --git a/src/compiler/glsl/gl_nir_link_uniforms.c b/src/compiler/glsl/gl_nir_link_uniforms.c
index f8a6cc8728e..cd26cb33fce 100644
--- a/src/compiler/glsl/gl_nir_link_uniforms.c
+++ b/src/compiler/glsl/gl_nir_link_uniforms.c
@@ -1776,19 +1776,21 @@ gl_nir_link_uniforms(struct gl_context *ctx,
break;
}
assert(found);
- } else
+ var->data.location = location;
+ } else {
/* this is the base block offset */
- location = buffer_block_index;
+ var->data.location = buffer_block_index;
+ location = 0;
+ }
assert(buffer_block_index >= 0);
const struct gl_uniform_block *const block =
&blocks[buffer_block_index];
- assert(location != -1);
+ assert(location >= 0 && location < block->NumUniforms);
const struct gl_uniform_buffer_variable *const ubo_var =
&block->Uniforms[location];
state.offset = ubo_var->Offset;
- var->data.location = location;
}
/* Check if the uniform has been processed already for
More information about the mesa-commit
mailing list