Mesa (main): lima/gpir: avoid invalid write in regalloc

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Fri Feb 11 22:03:20 UTC 2022


Module: Mesa
Branch: main
Commit: 5b1584936632f9e7f21cc57746ca51cbdc526b0f
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=5b1584936632f9e7f21cc57746ca51cbdc526b0f

Author: Erico Nunes <nunes.erico at gmail.com>
Date:   Wed Feb  2 12:27:08 2022 +0100

lima/gpir: avoid invalid write in regalloc

Reported by gcc -fsanitize=address, sometimes gpir regalloc attempts to
handle an uninitialized node->value_reg (containing the value -1), which
results in an invalid array access.
Avoid it for now to prevent crashes, but more investigation may be
required later on.

Signed-off-by: Erico Nunes <nunes.erico at gmail.com>
Reviewed-by: Vasily Khoruzhick <anarsoul at gmail.com>
Cc: 22.0 <mesa-stable>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/14894>

---

 src/gallium/drivers/lima/ir/gp/regalloc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/gallium/drivers/lima/ir/gp/regalloc.c b/src/gallium/drivers/lima/ir/gp/regalloc.c
index 8526d1e9e7d..eaab3e68182 100644
--- a/src/gallium/drivers/lima/ir/gp/regalloc.c
+++ b/src/gallium/drivers/lima/ir/gp/regalloc.c
@@ -507,6 +507,11 @@ static void handle_reg_write(gpir_store_node *store,
 static void handle_value_write(gpir_node *node,
                                struct value_regalloc_ctx *ctx)
 {
+   /* TODO: why does an uninitialized node->value_reg
+    * sometimes end up here? */
+   if (node->value_reg < 0)
+      return;
+
    ctx->last_written[node->value_reg] = node;
    ctx->live[node->value_reg] = NULL;
 }
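Review bot: The new `if (node->value_reg < 0) return;` guard at the top of handle_value_write stops the out-of-bounds index but returns silently, so the node's write is never recorded in `ctx->last_written` or `ctx->live` and nothing marks that the unexplained case occurred. Since the TODO and the commit message both say the root cause is unknown, consider emitting a debug-build diagnostic before the return (or an assert that is compiled out in release builds) so that the condition is visible when it triggers and can be traced back to the node that was left at -1. The check also covers only the lower bound. If the arrays indexed here have a fixed size, testing the upper bound in the same condition would protect both writes against any other invalid value, not just -1. It is also worth confirming whether other functions in regalloc.c index with `node->value_reg` and need the same guard, since this hunk protects only this one call site.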


