[Mesa-dev] [PATCH] glsl: avoid stack smashing when there are too many attributes
Ilia Mirkin
imirkin at alum.mit.edu
Sun Mar 6 17:21:19 UTC 2016
This fixes a crash in
dEQP-GLES3.functional.transform_feedback.array_element.separate.points.lowp_mat3x2
and likely others. The vertex shader has > 16 input variables (without
explicit locations), which causes us to index outside of the to_assign
array.
Signed-off-by: Ilia Mirkin <imirkin at alum.mit.edu>
Cc: "11.1 11.2" <mesa-stable at lists.freedesktop.org>
---
Not sure if this is the right thing or whether we should be making the to_assign array dynamically resizable. This definitely fixes the crashes though.
src/compiler/glsl/linker.cpp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/compiler/glsl/linker.cpp b/src/compiler/glsl/linker.cpp
index 3039232..f0d8507 100644
--- a/src/compiler/glsl/linker.cpp
+++ b/src/compiler/glsl/linker.cpp
@@ -2625,6 +2625,11 @@ assign_attribute_or_color_locations(gl_shader_program *prog,
continue;
}
+ if (num_attr >= ARRAY_SIZE(to_assign)) {
+ linker_error(prog, "too many attributes (max %zu)",
+ ARRAY_SIZE(to_assign));
+ return false;
+ }
to_assign[num_attr].slots = slots;
to_assign[num_attr].var = var;
num_attr++;
--
2.4.10
More information about the mesa-dev
mailing list