[Mesa-dev] [PATCH 1/1] glsl/blob: handle copy of NULL ptr in blob_write_string

Timothy Arceri tarceri at itsqueeze.com
Fri Mar 31 08:16:10 UTC 2017 


On 31/03/17 18:00, gregory hainaut wrote:
> On Fri, 31 Mar 2017 08:24:36 +0200
> Nicolai Hähnle <nhaehnle at gmail.com> wrote:
>
> Hello Nicolai
>
>> On 30.03.2017 21:55, Gregory Hainaut wrote:
>>> Typically happen when we want to copy an unnamed shader parameter
>>> in the shader cache.
>>
>> So this happens only when blob_write_string is called from nouveau?
>
> Sorry, I poorly explain myself. I should have written reproduce &
> tested on Nouveau. I don't know for others drivers, they should be
> impacted.
>
> _mesa_add_parameter seems to allow to store a NULL pointer in p->Name.
> Which is later written by blob_write_string. I guess it could
> depends on the shader cache state.
>
>
> I got the crash with this piglit test:
> textureGather fs offsets r 0 float 2D repeat -auto -fb

Others have reported this crashing on Nouveau. I haven't seen the 
problem on radeonsi or i965.

>
>
>> By the way, please setup send-mail so that it threads your mails.
>> That should be the default, so I'm not sure what happened here...
> Oh. I edited my email in the mailer queue which moved the email from my
> pop3 to my imap account. I guess it broke the threading link. I will
> be more careful next time.
>
> Thanks
>
>
>> Thanks,
>> Nicolai
>
>>>
>>> Note: it is safer to copy an empty string so we can read it back
>>> safely.
>>>
>>> Fix piglit crashes of the 'texturegatheroffsets' tests
>>>
>>> Signed-off-by: Gregory Hainaut <gregory.hainaut at gmail.com>
>>> ---
>>>  src/compiler/glsl/blob.c | 5 ++++-
>>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/src/compiler/glsl/blob.c b/src/compiler/glsl/blob.c
>>> index 769ebf1..f84d7f3 100644
>>> --- a/src/compiler/glsl/blob.c
>>> +++ b/src/compiler/glsl/blob.c
>>> @@ -176,7 +176,10 @@ blob_write_intptr(struct blob *blob, intptr_t
>>> value) bool
>>>  blob_write_string(struct blob *blob, const char *str)
>>>  {
>>> -   return blob_write_bytes(blob, str, strlen(str) + 1);
>>> +   if (str == NULL)
>>> +      return blob_write_bytes(blob, "", 1);
>>> +   else
>>> +      return blob_write_bytes(blob, str, strlen(str) + 1);
>>>  }
>>>
>>>  void
>>>
>>
>>

More information about the mesa-dev mailing list