[Mesa-dev] [PATCH] i965/ir: Fix invalid bblock_t pointer dereference in dead_control_flow_eliminate.

Matt Turner mattst88 at gmail.com
Wed Mar 30 20:37:13 UTC 2016


On Wed, Mar 16, 2016 at 10:40 AM, Francisco Jerez <currojerez at riseup.net> wrote:
> For the first basic block in the program 'block->prev()' would return
> an incorrectly cast list head sentinel and the subsequent
> 'prev_block->end()' dereference would read invalid memory.  Introduced
> in c7deee69ea6f64ea5b563985bf19d9deebe73b5b.
>
> CC: Ian Romanick <ian.d.romanick at intel.com>
> ---
>  src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp b/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp
> index 75c7be3..73aa1a9 100644
> --- a/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp
> +++ b/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp
> @@ -43,9 +43,10 @@ dead_control_flow_eliminate(backend_shader *s)
>     bool progress = false;
>
>     foreach_block_safe (block, s->cfg) {
> -      bblock_t *prev_block = block->prev();
> +      bblock_t *const prev_block = block->num ? block->prev() : NULL;
>        backend_instruction *const inst = block->start();
> -      backend_instruction *const prev_inst = prev_block->end();
> +      backend_instruction *const prev_inst =
> +         prev_block ? prev_block->end() : NULL;
>
>        /* ENDIF instructions, by definition, can only be found at the start of
>         * basic blocks.
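Review bot: With the new `prev_block ? prev_block->end() : NULL` initializer, `prev_inst` is NULL for the first block, and the code that consumes it lies outside this hunk. Each later use of `prev_inst` needs a NULL check before any member access; otherwise the invalid read only moves from `prev_block->end()` to the first `prev_inst` dereference. Separately, the `block->num ? block->prev() : NULL` test relies on a zero `num` identifying the first block in the program. A one-line comment at that line would help, since the reason (`prev()` returning an incorrectly cast list head sentinel) is recorded only in the commit message.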
> --
> 2.7.0

Reviewed-by: Matt Turner <mattst88 at gmail.com>

