[Mesa-dev] [PATCH 1/2] r600g, radeonsi: Fix calculation of IR target cap string buffer size
Michel Dänzer
michel at daenzer.net
Wed Jan 21 19:41:35 PST 2015
From: Michel Dänzer <michel.daenzer at amd.com>
Fixes writing beyond the allocated buffer:
==31855== Invalid write of size 1
==31855== at 0x50AB2A9: vsprintf (iovsprintf.c:43)
==31855== by 0x508F6F6: sprintf (sprintf.c:32)
==31855== by 0xB59C7EC: r600_get_compute_param (r600_pipe_common.c:526)
==31855== by 0x5B2B7DE: get_compute_param<char> (device.cpp:37)
==31855== by 0x5B2B7DE: clover::device::ir_target() const (device.cpp:201)
==31855== by 0x5B398E0: clover::program::build(clover::ref_vector<clover::device> const&, char const*, clover::compat::vector<clover::compat::pair<clover::compat::string, clover::compat::string> > const&) (program.cpp:63)
==31855== by 0x5B20152: clBuildProgram (program.cpp:182)
==31855== by 0x400F41: main (hello_world.c:109)
==31855== Address 0x56fed5f is 0 bytes after a block of size 15 alloc'd
==31855== at 0x4C29180: operator new(unsigned long) (vg_replace_malloc.c:324)
==31855== by 0x5B2B7C2: allocate (new_allocator.h:104)
==31855== by 0x5B2B7C2: allocate (alloc_traits.h:357)
==31855== by 0x5B2B7C2: _M_allocate (stl_vector.h:170)
==31855== by 0x5B2B7C2: _M_create_storage (stl_vector.h:185)
==31855== by 0x5B2B7C2: _Vector_base (stl_vector.h:136)
==31855== by 0x5B2B7C2: vector (stl_vector.h:278)
==31855== by 0x5B2B7C2: get_compute_param<char> (device.cpp:35)
==31855== by 0x5B2B7C2: clover::device::ir_target() const (device.cpp:201)
==31855== by 0x5B398E0: clover::program::build(clover::ref_vector<clover::device> const&, char const*, clover::compat::vector<clover::compat::pair<clover::compat::string, clover::compat::string> > const&) (program.cpp:63)
==31855== by 0x5B20152: clBuildProgram (program.cpp:182)
==31855== by 0x400F41: main (hello_world.c:109)
Signed-off-by: Michel Dänzer <michel.daenzer at amd.com>
---
src/gallium/drivers/radeon/r600_pipe_common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/gallium/drivers/radeon/r600_pipe_common.c b/src/gallium/drivers/radeon/r600_pipe_common.c
index f91772e..ddb4142 100644
--- a/src/gallium/drivers/radeon/r600_pipe_common.c
+++ b/src/gallium/drivers/radeon/r600_pipe_common.c
@@ -524,9 +524,9 @@ static int r600_get_compute_param(struct pipe_screen *screen,
}
if (ret) {
sprintf(ret, "%s-%s", gpu, triple);
-
}
- return (strlen(triple) + strlen(gpu)) * sizeof(char);
+ /* +2 for dash and terminating NIL byte */
+ return (strlen(triple) + strlen(gpu) + 2) * sizeof(char);
}
case PIPE_COMPUTE_CAP_GRID_DIMENSION:
if (ret) {
--
2.1.4
More information about the mesa-dev
mailing list