[Mesa-dev] [PATCH] gallium/tgsi: fix oob access in parse instruction
Marc-André Lureau
mlureau at redhat.com
Mon Jan 23 08:17:53 UTC 2017
Hi
----- Original Message -----
> When parsing a texture instruction, it doesn't stop if the
> 'cur' is ','; the loop variable 'i' will also be increased
> and be used to index the 'inst.TexOffsets' array. This can lead
> to an oob access issue. This patch avoids this.
>
> Signed-off-by: Li Qiang <liq3ea at gmail.com>
> ---
> src/gallium/auxiliary/tgsi/tgsi_text.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/gallium/auxiliary/tgsi/tgsi_text.c
> b/src/gallium/auxiliary/tgsi/tgsi_text.c
> index 308e6b5..4ed9050 100644
> --- a/src/gallium/auxiliary/tgsi/tgsi_text.c
> +++ b/src/gallium/auxiliary/tgsi/tgsi_text.c
> @@ -1163,7 +1163,7 @@ parse_instruction(
>
> cur = ctx->cur;
> eat_opt_white( &cur );
> - for (i = 0; inst.Instruction.Texture && *cur == ','; i++) {
> + for (i = 0; inst.Instruction.Texture && *cur == ',' && i <
> TGSI_FULL_MAX_TEX_OFFSETS; i++) {
> cur++;
> eat_opt_white( &cur );
> ctx->cur = cur;
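Review bot: The new `i < TGSI_FULL_MAX_TEX_OFFSETS` test in the `for` condition makes the loop exit silently when the text carries more offsets than `inst.TexOffsets` can hold, so `cur` is left pointing at the extra ',' and the over-long instruction is truncated with no diagnostic. Consider keeping the original loop condition and checking the bound as the first statement of the loop body, failing the parse there so the input is rejected instead of partly accepted. Separately, the added line is wrapped onto a second line in this mail (`TGSI_FULL_MAX_TEX_OFFSETS; i++) {` has no `+` prefix), as is the `diff --git` header, so the patch will not apply as sent and should be resent unwrapped.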
Shouldn't it report_error() and return FALSE in this case?