[Mesa-dev] [PATCH] r600: Fix stack overflow

Mon Jan 30 14:31:48 UTC 2017

On 30.01.2017 14:07, Bartosz Tomczyk wrote:
> Commit 7b5878ee0491e7a93914389a8369cd6752b9757d increased number of
> outputs to 64, but left output array intact. This caused stack overflow
> when number of outputs is bigger then 32. Found by ASAN.

Pushed, thanks!

> ---
>  src/gallium/drivers/r600/r600_shader.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/gallium/drivers/r600/r600_shader.c b/src/gallium/drivers/r600/r600_shader.c
> index b692e7f4a1..b80a3f8b62 100644
> --- a/src/gallium/drivers/r600/r600_shader.c
> +++ b/src/gallium/drivers/r600/r600_shader.c
> @@ -2924,7 +2924,7 @@ static int r600_shader_from_tgsi(struct r600_context *rctx,
>  	struct pipe_stream_output_info so = pipeshader->selector->so;
>  	struct tgsi_full_immediate *immediate;
>  	struct r600_shader_ctx ctx;
> -	struct r600_bytecode_output output[32];
> +	struct r600_bytecode_output output[ARRAY_SIZE(shader->output)];
>  	unsigned output_done, noutput;
>  	unsigned opcode;
>  	int i, j, k, r = 0;
>