[Mesa-dev] [Bug 52996] Read out of bounds in swizzle_for_size() (MesaLib/src/mesa/program/ir_to_mesa.cpp)
bugzilla-daemon at freedesktop.org
Fri Aug 31 08:03:18 PDT 2012
https://bugs.freedesktop.org/show_bug.cgi?id=52996
--- Comment #3 from Alexander Potapenko <glider at google.com> 2012-08-31 15:03:18 UTC ---
I've managed to reproduce this locally.
Inserting fprintf() calls into
third_party/mesa/MesaLib/src/mesa/program/ir_to_mesa.cpp shows that
swizzle_for_size(0) is really called for some ir type named Nesting2:
ir->type->name: Nesting2
swizzle_for_size(0)
=================================================================
==5641== ERROR: AddressSanitizer global-buffer-overflow on address 0x7fcd7760bc7c at pc 0x7fcd771ed9b3 bp 0x7fff035d6e10 sp 0x7fff035d6e08
READ of size 4 at 0x7fcd7760bc7c thread T0
    #0 0x7fcd771ed9b2 in swizzle_for_size(int) /usr/local/google/chrome-asan/src/out/Release/../../third_party/mesa/MesaLib/src/mesa/program/ir_to_mesa.cpp:319
    #1 0x7fcd771ed701 in ir_to_mesa_visitor::visit(ir_dereference_record*) /usr/local/google/chrome-asan/src/out/Release/../../third_party/mesa/MesaLib/src/mesa/program/ir_to_mesa.cpp:1547
    #2 0x7fcd771edadd in ir_to_mesa_visitor::visit(ir_assignment*) /usr/local/google/chrome-asan/src/out/Release/../../third_party/mesa/MesaLib/src/mesa/program/ir_to_mesa.cpp:1591
    #3 0x7fcd771dca42 in ir_to_mesa_visitor::visit(ir_function*) /usr/local/google/chrome-asan/src/out/Release/../../third_party/mesa/MesaLib/src/mesa/program/ir_to_mesa.cpp:1020
    #4 0x7fcd77412d29 in visit_exec_list(exec_list*, ir_visitor*) /usr/local/google/chrome-asan/src/out/Release/../../third_party/mesa/MesaLib/src/glsl/ir.cpp:1200
...
Please let me know how else I can help.
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
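
Added example (not part of the original comment and not Mesa's code): a constructed C++ reduction, assuming swizzle_for_size() indexes a four-entry int table with size - 1, which would make size 0 a 4-byte read just before the table, consistent with the "READ of size 4" global-buffer-overflow in the report. The table values, helper names and the sentinel are hypothetical.

```cpp
// Added example: constructed reduction, not Mesa's source.
// Table contents, names and the sentinel are hypothetical.
#include <cstddef>
#include <cstdio>

// One entry per vector size 1..4 (placeholder values).
static const int kSwizzleBySize[4] = {10, 20, 30, 40};
static const int kCount = sizeof(kSwizzleBySize) / sizeof(kSwizzleBySize[0]);
static const int kInvalidSwizzle = -1;

// Byte offset, relative to the table start, that an unchecked
// kSwizzleBySize[size - 1] would read. Pure arithmetic, no memory access.
static std::ptrdiff_t unchecked_read_offset(int size)
{
    return (static_cast<std::ptrdiff_t>(size) - 1) *
           static_cast<std::ptrdiff_t>(sizeof(int));
}

// True when a sizeof(int)-byte read at that offset stays inside the table.
static bool read_stays_in_table(int size)
{
    std::ptrdiff_t off = unchecked_read_offset(size);
    return off >= 0 &&
           off + static_cast<std::ptrdiff_t>(sizeof(int)) <=
               static_cast<std::ptrdiff_t>(sizeof(kSwizzleBySize));
}

// Checked lookup: the range test is ordinary control flow, so it is still
// present in builds where assert() is compiled out (NDEBUG).
static int swizzle_for_size_checked(int size)
{
    if (size < 1 || size > kCount)
        return kInvalidSwizzle;
    return kSwizzleBySize[size - 1];
}

int main()
{
    // Sizes 0 and 5 are the out-of-range cases; 0 is the one in the report.
    for (int size = 0; size <= 5; ++size)
        std::printf("size=%d offset=%td in_table=%d checked=%d\n", size,
                    unchecked_read_offset(size), read_stays_in_table(size),
                    swizzle_for_size_checked(size));
    return 0;
}
```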