[Mesa-dev] [PATCH] radeonsi: fix an out-of-bounds read reported by ASAN
Nicolai Hähnle
nhaehnle at gmail.com
Fri Nov 16 17:33:11 UTC 2018
From: Nicolai Hähnle <nicolai.haehnle at amd.com>
We read 4 values out of sample_locs_8x, so make sure the array is
big enough.
Fixes: ac76aeef20 ("radeonsi: switch back to standard DX sample positions")
---
src/gallium/drivers/radeonsi/si_state_msaa.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/gallium/drivers/radeonsi/si_state_msaa.c b/src/gallium/drivers/radeonsi/si_state_msaa.c
index b741bcadec8..e6d97fe6727 100644
--- a/src/gallium/drivers/radeonsi/si_state_msaa.c
+++ b/src/gallium/drivers/radeonsi/si_state_msaa.c
@@ -94,20 +94,24 @@ static const uint64_t centroid_priority_2x = 0x1010101010101010ull;
/* 4x MSAA (the positions are sorted for EQAA) */
static const uint32_t sample_locs_4x =
FILL_SREG(-2,-6, 2, 6, -6, 2, 6,-2);
static const uint64_t centroid_priority_4x = 0x3210321032103210ull;
/* 8x MSAA (the positions are sorted for EQAA) */
static const uint32_t sample_locs_8x[] = {
FILL_SREG(-3,-5, 5, 1, -1, 3, 7,-7),
FILL_SREG(-7,-1, 3, 7, -5, 5, 1,-3),
+ /* The following are unused by hardware, but we emit them to IBs
+ * instead of multiple SET_CONTEXT_REG packets. */
+ 0,
+ 0,
};
static const uint64_t centroid_priority_8x = 0x3546012735460127ull;
/* 16x MSAA (the positions are sorted for EQAA) */
static const uint32_t sample_locs_16x[] = {
FILL_SREG(-5,-2, 5, 3, -2, 6, 3,-5),
FILL_SREG(-4,-6, 1, 1, -6, 4, 7,-4),
FILL_SREG(-1,-3, 6, 7, -3, 2, 0,-7),
FILL_SREG(-7,-8, 2, 5, -8, 0, 4,-1),
};
--
2.19.1
More information about the mesa-dev
mailing list