[Mesa-dev] [PATCH] glsl: Fix array overflow.
Ian Romanick
idr at freedesktop.org
Fri Aug 17 20:33:58 PDT 2012
On 08/14/2012 06:40 PM, Stéphane Marchesin wrote:
> Otherwise we run past the end of the array and crash.
>
> NOTE: This is a candidate for the 8.0 branch.
>
> Signed-off-by: Stéphane Marchesin <marcheu at chromium.org>
That's funny. I completely missed this patch on the list, but ended up
writing the same thing.
The problem is that the linker does things in a slightly wonkey order:
1. Count the used samplers.
2. Allocate some uniform resources to the samplers.
3. Fail the link if too many samplers were used.
If way too many are used, step #2 will stomp on the stack (from this
loop) and crash.
My commit message looked like:
linker: Avoid buffer over-run in
parcel_out_uniform_storage::visit_field
When too may uniforms are used, the error will be caught in
check_resources (src/glsl/linker.cpp).
Could you capture at least the last bit in the commit message?
Otherwise, it has my
Reviewed-by: Ian Romanick <ian.d.romanick at intel.com>
> ---
> src/glsl/link_uniforms.cpp | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/glsl/link_uniforms.cpp b/src/glsl/link_uniforms.cpp
> index 25dc1d7..eef9025 100644
> --- a/src/glsl/link_uniforms.cpp
> +++ b/src/glsl/link_uniforms.cpp
> @@ -313,7 +313,7 @@ private:
> const gl_texture_index target = base_type->sampler_index();
> const unsigned shadow = base_type->sampler_shadow;
> for (unsigned i = this->uniforms[id].sampler
> - ; i < this->next_sampler
> + ; i < MIN2(this->next_sampler, MAX_SAMPLERS)
> ; i++) {
> this->targets[i] = target;
> this->shader_samplers_used |= 1U << i;
>
More information about the mesa-dev
mailing list