[Mesa-dev] [PATCH] i965/ir: Fix invalid bblock_t pointer dereference in dead_control_flow_eliminate.
Francisco Jerez
currojerez at riseup.net
Wed Mar 30 20:43:44 UTC 2016
Matt Turner <mattst88 at gmail.com> writes:
> On Wed, Mar 16, 2016 at 10:40 AM, Francisco Jerez <currojerez at riseup.net> wrote:
>> For the first basic block in the program 'block->prev()' would return
>> an incorrectly cast list head sentinel and the subsequent
>> 'prev_block->end()' dereference would read invalid memory. Introduced
>> in c7deee69ea6f64ea5b563985bf19d9deebe73b5b.
>>
>> CC: Ian Romanick <ian.d.romanick at intel.com>
>> ---
>> src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp b/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp
>> index 75c7be3..73aa1a9 100644
>> --- a/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp
>> +++ b/src/mesa/drivers/dri/i965/brw_dead_control_flow.cpp
>> @@ -43,9 +43,10 @@ dead_control_flow_eliminate(backend_shader *s)
>> bool progress = false;
>>
>> foreach_block_safe (block, s->cfg) {
>> - bblock_t *prev_block = block->prev();
>> + bblock_t *const prev_block = block->num ? block->prev() : NULL;
>> backend_instruction *const inst = block->start();
>> - backend_instruction *const prev_inst = prev_block->end();
>> + backend_instruction *const prev_inst =
>> + prev_block ? prev_block->end() : NULL;
>>
>> /* ENDIF instructions, by definition, can only be found at the start of
>> * basic blocks.
>> --
>> 2.7.0
>
> Reviewed-by: Matt Turner <mattst88 at gmail.com>
Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 212 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/mesa-dev/attachments/20160330/18c0262c/attachment.sig>
More information about the mesa-dev
mailing list