[Mesa-dev] [PATCH] spirv: Properly size the src[] array.
Jason Ekstrand
jason at jlekstrand.net
Mon May 16 22:38:40 UTC 2016
On Mon, May 16, 2016 at 12:50 PM, Matt Turner <mattst88 at gmail.com> wrote:
> Operations like nir_op_bitfield_insert have four arguments, leading to
> memory corruption.
>
> Found by Coverity (CID 1358582).
> ---
> src/compiler/spirv/spirv_to_nir.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/compiler/spirv/spirv_to_nir.c
> b/src/compiler/spirv/spirv_to_nir.c
> index c65f971..56948bf 100644
> --- a/src/compiler/spirv/spirv_to_nir.c
> +++ b/src/compiler/spirv/spirv_to_nir.c
> @@ -1036,7 +1036,7 @@ vtn_handle_constant(struct vtn_builder *b, SpvOp
> opcode,
> unsigned bit_size =
> glsl_get_bit_size(val->const_type);
>
> - nir_const_value src[3];
> + nir_const_value src[4];
>
While I'm sure coverity can't see this, it's not actually a bug. All of
the opcodes that will ever be used here have 1 or 2 arguments with the
single exception of bcsel.
I don't have a problem with expanding the array but it's not a bug.
> assert(count <= 7);
> for (unsigned i = 0; i < count - 4; i++) {
> nir_constant *c =
> --
> 2.7.3
>
> _______________________________________________
> mesa-dev mailing list
> mesa-dev at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/mesa-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/mesa-dev/attachments/20160516/21397327/attachment.html>
More information about the mesa-dev
mailing list