Mesa (master): intel/vec4: fix out of bounds read
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Thu Jul 30 10:59:36 UTC 2020
Module: Mesa
Branch: master
Commit: cb19fe24d361991104f8dcf54d1e807998766be1
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=cb19fe24d361991104f8dcf54d1e807998766be1
Author: Marcin Ślusarz <marcin.slusarz at intel.com>
Date: Fri Jul 24 20:13:00 2020 +0200
intel/vec4: fix out of bounds read
NIR_MAX_VEC_COMPONENTS was bumped from 4 to 16 in a8ec4082
(2019.03.09, merged 2019.12.21)
float[4] array was added in acd7796a
(2019.06.11, merged 2019.07.11)
Found by Coverity.
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/3014
Signed-off-by: Marcin Ślusarz <marcin.slusarz at intel.com>
Fixes: a8ec4082a41 ("nir+vtn: vec8+vec16 support")
Reviewed-by: Lionel Landwerlin <lionel.g.landwerlin at intel.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/6067>
---
src/intel/compiler/brw_vec4_nir.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/intel/compiler/brw_vec4_nir.cpp b/src/intel/compiler/brw_vec4_nir.cpp
index 13a5d2f4fa9..607cfc24d9c 100644
--- a/src/intel/compiler/brw_vec4_nir.cpp
+++ b/src/intel/compiler/brw_vec4_nir.cpp
@@ -999,7 +999,7 @@ try_immediate_source(const nir_alu_instr *instr, src_reg *op,
case BRW_REGISTER_TYPE_F: {
int first_comp = -1;
- float f[4] = { 0.0f, 0.0f, 0.0f, 0.0f };
+ float f[NIR_MAX_VEC_COMPONENTS] = { 0.0f };
bool is_scalar = true;
for (unsigned i = 0; i < NIR_MAX_VEC_COMPONENTS; i++) {
More information about the mesa-commit
mailing list