[Mesa-dev] [Mesa-stable] [PATCH 1/4] glsl: Fix crash due to negative array index

Emil Velikov emil.l.velikov at gmail.com
Wed Oct 22 12:33:09 PDT 2014


Hi Anuj,

Afaics the series is yet to land on master, thus I've not pulled it for
the stable branch. Is the lack of review holding it back?

Gents, can anyone take a look at/review the series?

Thanks
Emil

On 22/09/14 23:57, Anuj Phogat wrote:
> Currently Mesa crashes with a shader like this:
> 
> [fragment shader]
> float[5] array;
> int idx = -2;
> void main()
> {
>    gl_FragColor = vec4(0.0, 1.0, 0.0, array[idx]);
> }
> 
> Cc: <mesa-stable at lists.freedesktop.org>
> Signed-off-by: Anuj Phogat <anuj.phogat at gmail.com>
> ---
>  src/glsl/opt_array_splitting.cpp | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/glsl/opt_array_splitting.cpp b/src/glsl/opt_array_splitting.cpp
> index ebb076b..9e73f3c 100644
> --- a/src/glsl/opt_array_splitting.cpp
> +++ b/src/glsl/opt_array_splitting.cpp
> @@ -295,7 +295,7 @@ ir_array_splitting_visitor::split_deref(ir_dereference **deref)
>     ir_constant *constant = deref_array->array_index->as_constant();
>     assert(constant);
>  
> -   if (constant->value.i[0] < (int)entry->size) {
> +   if (constant->value.i[0] >= 0 && constant->value.i[0] < (int)entry->size) {
>        *deref = new(entry->mem_ctx)
>  	 ir_dereference_variable(entry->components[constant->value.i[0]]);
>     } else {
> 
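Review bot: In the changed condition in split_deref(), `constant->value.i[0]` is now read twice in the test and a third time as the subscript of `entry->components[...]`; loading it once into a local (for example `const int idx = constant->value.i[0];`) and testing `idx >= 0 && idx < (int)entry->size` keeps the bounds check and the array access visibly tied to the same value. The commit message would also benefit from stating the cause rather than only the reproducer: the old test checked only the upper bound, so the -2 from the example shader passed it and was used directly as the index into `entry->components[]`.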


