[Mesa-dev] [PATCH] prog_parameter.c ASAN Patch

Mon Jun 17 08:13:46 PDT 2013

On 06/14/2013 05:12 PM, Myles C. Maxfield wrote:
> Sorry for the triple post; I received a bounce email the first time and got sent to the spam folder the second time, so I'm trying a third time.
>
> Hello, all. I was running Mesa with Address Sanitizer [1] turned on, and found one place where ASAN pointed out a read-before-initialized problem. In particular, in _mesa_add_parameter, in prog_parameter.c, |values| represents an array holding a variable number of values. These values get copied out of the array 4 at a time with the COPY_4V macro, however, the array might only contain a single element. In this case, ASAN reports a read-before-initialize because the last 3 of the 4 elements haven't been written to yet. I was hoping to contribute a patch that will silence this problem that ASAN reports. I'm happy to incorporate any feedback anyone has into this patch.
>
> Thanks,
> Myles C. Maxfield
>
> [1]https://code.google.com/p/address-sanitizer/
>
> diff --git a/src/mesa/program/prog_parameter.c b/src/mesa/program/prog_parameter.c
> index 2018fa5..63915fb 100644
> --- a/src/mesa/program/prog_parameter.c
> +++ b/src/mesa/program/prog_parameter.c
> @@ -158,7 +158,17 @@ _mesa_add_parameter(struct gl_program_parameter_list *paramList,
>            p->DataType = datatype;
>            p->Flags = flags;
>            if (values) {
> -            COPY_4V(paramList->ParameterValues[oldNum + i], values);
> +            if (size & 3) {
> +              for (j = 0; j < size; j++) {
> +                paramList->ParameterValues[oldNum + i][j] = values[j];
> +              }
> +              /* silence asan */
> +              for (j = size; j < 4; j++) {
> +                paramList->ParameterValues[oldNum + i][j].f = 0;
> +              }
> +            } else {
> +              COPY_4V(paramList->ParameterValues[oldNum + i], values);
> +            }
>               values += 4;
>               p->Initialized = GL_TRUE;
>            }

The value of 'size' can actually be greater than 4 (IIRC, and the 
function comment are still correct).  For example, for a matrix, 
size=16.  So the first for-loop should be fixed, just to be safe.

In the commit message, let's not use "ASAN" since it's not obvious that 
it means Address Sanitizer.

-Brian