[Mesa-dev] [PATCH] spirv: Properly size the src[] array.

Mon May 16 19:50:13 UTC 2016

Operations like nir_op_bitfield_insert have four arguments, leading to
memory corruption.

Found by Coverity (CID 1358582).
---
 src/compiler/spirv/spirv_to_nir.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/compiler/spirv/spirv_to_nir.c b/src/compiler/spirv/spirv_to_nir.c
index c65f971..56948bf 100644
--- a/src/compiler/spirv/spirv_to_nir.c
+++ b/src/compiler/spirv/spirv_to_nir.c
@@ -1036,7 +1036,7 @@ vtn_handle_constant(struct vtn_builder *b, SpvOp opcode,
          unsigned bit_size =
             glsl_get_bit_size(val->const_type);
 
-         nir_const_value src[3];
+         nir_const_value src[4];
          assert(count <= 7);
          for (unsigned i = 0; i < count - 4; i++) {
             nir_constant *c =
-- 
2.7.3

