[Mesa-dev] [PATCH] st/glsl_to_tgsi: fix potential crash when allocating temporaries
Ilia Mirkin
imirkin at alum.mit.edu
Thu Apr 28 19:11:43 UTC 2016
Cc: "11.1 11.2" <mesa-stable at lists.freedesktop.org>
Reviewed-by: Ilia Mirkin <imirkin at alum.mit.edu>
On Thu, Apr 28, 2016 at 3:09 PM, Samuel Pitoiset
<samuel.pitoiset at gmail.com> wrote:
> When index - t->temps_size is greater than 4096, allocating space for
> temporaries on demand will miserably crash. This can happen when a game
> uses a lot of temporaries like the recent released Tomb raider.
>
> Signed-off-by: Samuel Pitoiset <samuel.pitoiset at gmail.com>
> ---
> src/mesa/state_tracker/st_glsl_to_tgsi.cpp | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/mesa/state_tracker/st_glsl_to_tgsi.cpp b/src/mesa/state_tracker/st_glsl_to_tgsi.cpp
> index ad818a8..7ba9856 100644
> --- a/src/mesa/state_tracker/st_glsl_to_tgsi.cpp
> +++ b/src/mesa/state_tracker/st_glsl_to_tgsi.cpp
> @@ -5348,7 +5348,7 @@ dst_register(struct st_translate *t, gl_register_file file, unsigned index,
> case PROGRAM_TEMPORARY:
> /* Allocate space for temporaries on demand. */
> if (index >= t->temps_size) {
> - const int inc = 4096;
> + const int inc = align(index - t->temps_size + 1, 4096);
>
> t->temps = (struct ureg_dst*)
> realloc(t->temps,
> --
> 2.8.0
>
> _______________________________________________
> mesa-dev mailing list
> mesa-dev at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/mesa-dev
More information about the mesa-dev
mailing list