[Mesa-dev] [PATCH 66/65] glsl: avoid buffer overflow in cache sha creation

Timothy Arceri timothy.arceri at collabora.com
Sat Apr 30 02:17:08 UTC 2016 

A program may contain multiple shaders from each stage so use
ralloc to avoid buffer overflow.
---

 This fixes the issue I was having running shader-db it now successfully
 finishes compiling all programs.

 src/compiler/glsl/shader_cache.cpp | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/compiler/glsl/shader_cache.cpp b/src/compiler/glsl/shader_cache.cpp
index 52301b7..8c07885 100644
--- a/src/compiler/glsl/shader_cache.cpp
+++ b/src/compiler/glsl/shader_cache.cpp
@@ -1071,9 +1071,8 @@ shader_cache_read_program_metadata(struct gl_context *ctx,
                                    struct gl_shader_program *prog)
 {
    const char *stage_name[] = { "vs", "tcs", "tes", "gs", "fs", "cs" };
-   char buf[256], sha1buf[41];
+   char *buf, sha1buf[41];
    unsigned char sha1[20];
-   int offset = 0;
    uint8_t *buffer;
    struct program_cache *cache;
    size_t size;
@@ -1107,21 +1106,21 @@ shader_cache_read_program_metadata(struct gl_context *ctx,
    _mesa_sha1_compute(bindings_str, strlen(bindings_str), sha1);
    ralloc_free(bindings_str);
 
-   offset += snprintf(buf + offset, sizeof(buf) - offset,
-                      "bindings: %s\n",
-                      _mesa_sha1_format(sha1buf, sha1));
+   buf = ralloc_strdup(NULL, "bindings: ");
+   ralloc_asprintf_append(&buf, "%s\n", _mesa_sha1_format(sha1buf, sha1));
 
    for (unsigned i = 0; i < prog->NumShaders; i++) {
       if (prog->Shaders[i]->Source == NULL)
          return false;
 
-      offset += snprintf(buf + offset, sizeof(buf) - offset,
-                         "%s: %s\n",
-                         stage_name[prog->Shaders[i]->Stage],
-                         _mesa_sha1_format(sha1buf, prog->Shaders[i]->sha1));
+      ralloc_asprintf_append(&buf, "%s: %s\n",
+                             stage_name[prog->Shaders[i]->Stage],
+                             _mesa_sha1_format(sha1buf,
+                                               prog->Shaders[i]->sha1));
    }
+   _mesa_sha1_compute(buf, strlen(buf), prog->sha1);
+   ralloc_free(buf);
 
-   _mesa_sha1_compute(buf, offset, prog->sha1);
    buffer = (uint8_t *) cache_get(cache, prog->sha1, &size);
    if (buffer == NULL) {
       /* Cached program not found. Fall back to linking shaders but first
-- 
2.5.5

More information about the mesa-dev mailing list