[Mesa-dev] [PATCH] i965/ir: Fix invalid bblock_t pointer dereference in dead_control_flow_eliminate.

Wed Mar 16 17:40:19 UTC 2016

For the first basic block in the program 'block->prev()' would return
an incorrectly cast list head sentinel and the subsequent
'prev_block->end()' dereference would read invalid memory.  Introduced
in c7deee69ea6f64ea5b563985bf19d9deebe73b5b.

CC: Ian Romanick <ian.d.romanick at intel.com>
---
 src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp b/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp
index 75c7be3..73aa1a9 100644
--- a/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp
+++ b/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp
@@ -43,9 +43,10 @@ dead_control_flow_eliminate(backend_shader *s)
    bool progress = false;
 
    foreach_block_safe (block, s->cfg) {
-      bblock_t *prev_block = block->prev();
+      bblock_t *const prev_block = block->num ? block->prev() : NULL;
       backend_instruction *const inst = block->start();
-      backend_instruction *const prev_inst = prev_block->end();
+      backend_instruction *const prev_inst =
+         prev_block ? prev_block->end() : NULL;
 
       /* ENDIF instructions, by definition, can only be found at the start of
        * basic blocks.
-- 
2.7.0

