[Mesa-dev] [PATCH] r600/sb: fix crash in fold_alu_op3

Dave Airlie airlied at gmail.com
Wed Jul 4 06:36:53 UTC 2018

On 4 July 2018 at 12:44,  <sroland at vmware.com> wrote:
> From: Roland Scheidegger <sroland at vmware.com>
> fold_assoc() called from fold_alu_op3() can lower the number of src to 2,
> which then leads to an invalid access to n.src[2]->gvalue().
> This didn't seem to have caused much harm in the past, but on Fedora 28
> it will crash (presumably because -D_GLIBCXX_ASSERTIONS is used, although
> with libstdc++ 4.8.5 this didn't do anything, -D_GLIBCXX_DEBUG was
> needed to show the issue).
> An alternative fix would be to instead call fold_alu_op2() from within
> fold_assoc() when the number of src is reduced and return always TRUE
> from fold_assoc() in this case, with the only actual difference being
> the return value from fold_alu_op3() then. I'm not sure what the return
> value actually should be in this case (or whether it even can make a
> difference).
> https://bugs.freedesktop.org/show_bug.cgi?id=106928
> Cc: mesa-stable at lists.freedesktop.org

Reviewed-by: Dave Airlie <airlied at redhat.com>


More information about the mesa-dev mailing list