[Mesa-dev] [PATCH 1/3] r600g: increase array size for shader inputs and outputs

Marek Olšák maraeo at gmail.com
Wed May 1 20:45:06 PDT 2013


and add assertions to prevent buffer overflow. This fixes corruption
of the r600_shader struct.

NOTE: This is a candidate for the stable branches.
---
 src/gallium/drivers/r600/r600_shader.c |    2 ++
 src/gallium/drivers/r600/r600_shader.h |    4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/gallium/drivers/r600/r600_shader.c b/src/gallium/drivers/r600/r600_shader.c
index fd3fe39..baa39ab 100644
--- a/src/gallium/drivers/r600/r600_shader.c
+++ b/src/gallium/drivers/r600/r600_shader.c
@@ -940,6 +940,7 @@ static int tgsi_declaration(struct r600_shader_ctx *ctx)
 	switch (d->Declaration.File) {
 	case TGSI_FILE_INPUT:
 		i = ctx->shader->ninput;
+                assert(i < Elements(ctx->shader->input));
 		ctx->shader->ninput += count;
 		ctx->shader->input[i].name = d->Semantic.Name;
 		ctx->shader->input[i].sid = d->Semantic.Index;
@@ -971,6 +972,7 @@ static int tgsi_declaration(struct r600_shader_ctx *ctx)
 		break;
 	case TGSI_FILE_OUTPUT:
 		i = ctx->shader->noutput++;
+                assert(i < Elements(ctx->shader->output));
 		ctx->shader->output[i].name = d->Semantic.Name;
 		ctx->shader->output[i].sid = d->Semantic.Index;
 		ctx->shader->output[i].gpr = ctx->file_offset[TGSI_FILE_OUTPUT] + d->Range.First;
diff --git a/src/gallium/drivers/r600/r600_shader.h b/src/gallium/drivers/r600/r600_shader.h
index 411667a..d989ce4 100644
--- a/src/gallium/drivers/r600/r600_shader.h
+++ b/src/gallium/drivers/r600/r600_shader.h
@@ -45,8 +45,8 @@ struct r600_shader {
 	unsigned		ninput;
 	unsigned		noutput;
 	unsigned		nlds;
-	struct r600_shader_io	input[32];
-	struct r600_shader_io	output[32];
+	struct r600_shader_io	input[40];
+	struct r600_shader_io	output[40];
 	boolean			uses_kill;
 	boolean			fs_write_all;
 	boolean			two_side;
-- 
1.7.10.4



More information about the mesa-dev mailing list