[Mesa-dev] [PATCH V2] mesa: don't memcmp() off the end of a cache key.

Chris Forbes chrisf at ijw.co.nz
Tue Apr 2 01:31:36 PDT 2013


Reported-by: `per` in #intel-gfx

The size of the cache key varies, so store the actual size as well as
the key blob itself, rather than just assuming it's the same as the size
passed in.

NOTE: This is a candidate for stable branches.

V2: Don't leave silly holes in structure; use unsigned instead of
GLuint.

Signed-off-by: Chris Forbes <chrisf at ijw.co.nz>
---
 src/mesa/program/prog_cache.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/mesa/program/prog_cache.c b/src/mesa/program/prog_cache.c
index 47f926b..1041f35 100644
--- a/src/mesa/program/prog_cache.c
+++ b/src/mesa/program/prog_cache.c
@@ -37,6 +37,7 @@
 struct cache_item
 {
    GLuint hash;
+   unsigned keysize;
    void *key;
    struct gl_program *program;
    struct cache_item *next;
@@ -183,7 +184,10 @@ _mesa_search_program_cache(struct gl_program_cache *cache,
       struct cache_item *c;
 
       for (c = cache->items[hash % cache->size]; c; c = c->next) {
-         if (c->hash == hash && memcmp(c->key, key, keysize) == 0) {
+         if (c->hash == hash &&
+            c->keysize == keysize &&
+            memcmp(c->key, key, keysize) == 0) {
+
             cache->last = c;
             return c->program;
          }
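Review bot: The new `c->keysize == keysize` guard covers only the hash-chain comparison, yet the same loop records each hit in `cache->last`. If the part of _mesa_search_program_cache above this hunk has a shortcut that memcmp()s `cache->last->key` against the caller's key with the caller's keysize, that comparison can still read past a shorter stored key. It would need the same guard, e.g. `cache->last->keysize == keysize &&` ahead of its memcmp. The function starts outside the hunk, so this is inferred from the `cache->last = c;` assignment and should be confirmed against the full body.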
@@ -207,6 +211,7 @@ _mesa_program_cache_insert(struct gl_context *ctx,
 
    c->key = malloc(keysize);
    memcpy(c->key, key, keysize);
+   c->keysize = keysize;
 
    c->program = program;  /* no refcount change */
 
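Review bot: The result of `malloc(keysize)` goes straight into `memcpy` on the two context lines above the added `c->keysize = keysize;`, so an allocation failure becomes a write through NULL. The unchecked call predates this patch, but the stored size is now relied on by the lookup, so it should only be recorded once the key copy has succeeded. A guard such as `if (!c->key) { /* release c and bail out */ }` before the memcpy would close this. How `c` is released and how the failure is reported depend on code outside the hunk. The _mesa_shader_cache_insert hunk below has the same pattern.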
@@ -235,6 +240,7 @@ _mesa_shader_cache_insert(struct gl_context *ctx,
 
    c->key = malloc(keysize);
    memcpy(c->key, key, keysize);
+   c->keysize = keysize;
 
    c->program = (struct gl_program *)program;  /* no refcount change */
 
-- 
1.8.2


