[Mesa-dev] [Bug 91290] SIGSEGV glcpp/glcpp-parse.y:1077

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu Jul 9 22:17:42 PDT 2015 

https://bugs.freedesktop.org/show_bug.cgi?id=91290

            Bug ID: 91290
           Summary: SIGSEGV glcpp/glcpp-parse.y:1077
           Product: Mesa
           Version: git
          Hardware: x86-64 (AMD64)
                OS: All
            Status: NEW
          Keywords: have-backtrace
          Severity: normal
          Priority: medium
         Component: Mesa core
          Assignee: mesa-dev at lists.freedesktop.org
          Reporter: vlee at freedesktop.org
        QA Contact: mesa-dev at lists.freedesktop.org

mesa: f12302b89836a24255674a251f7a6902b4e9af7c (master 10.7.0-devel)

This minimum shader triggers a null pointer dereference in the GLSL compiler.

<frag>
#define A 1 /* comment */
#define A 1 /* comment */
</frag>

(gdb) bt
#0  _token_list_equal_ignoring_space (b=<optimized out>, a=<optimized out>) at
glcpp/glcpp-parse.y:1077
#1  _macro_equal (a=0x20863a0, b=0x2086080) at glcpp/glcpp-parse.y:2112
#2  0x0000000000498117 in _define_object_macro (parser=parser at entry=0x2082110,
loc=loc at entry=0x7ffe7e7b0414, identifier=0x2086150 "A", 
    replacements=0x2086240) at glcpp/glcpp-parse.y:2141
#3  0x000000000049b966 in glcpp_parser_parse (parser=parser at entry=0x2082110) at
glcpp/glcpp-parse.y:254
#4  0x00000000004637f2 in glcpp_preprocess (ralloc_ctx=0x2081790,
shader=0x7ffe7e7b14b0, info_log=0x20819b0, 
    extensions=<optimized out>, gl_ctx=<optimized out>) at glcpp/pp.c:226
#5  0x0000000000428ef4 in _mesa_glsl_compile_shader (ctx=0x7ffe7e7b1540,
shader=0x2080b70, dump_ast=<optimized out>, 
    dump_hir=<optimized out>) at glsl_parser_extras.cpp:1504
#6  0x0000000000406345 in compile_shader (ctx=0x7ffe7e7b1540, shader=0x2080b70)
at main.cpp:293
#7  0x000000000040437f in main (argc=2, argv=0x7ffe7e7d4528) at main.cpp:392
(gdb) frame 0
#0  _token_list_equal_ignoring_space (b=<optimized out>, a=<optimized out>) at
glcpp/glcpp-parse.y:1077
1077                while (node_a->token->type == SPACE)
(gdb) print node_a
$2 = (token_node_t *) 0x0

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/mesa-dev/attachments/20150710/c4b7ab25/attachment-0001.html>

More information about the mesa-dev mailing list