<div dir="ltr">Hi Samuel,<div><br></div><div>Var pointer is passed by value to <span style="font-size:12.8px">get_variable_being_redeclared,  so it will not fix the issue. </span><span style="font-size:12.8px">I thinks </span><span style="font-size:12.8px">it should be changed to pointer to pointer.</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 7, 2017 at 11:45 AM, Samuel Iglesias Gonsálvez <span dir="ltr"><<a href="mailto:siglesias@igalia.com" target="_blank">siglesias@igalia.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The get_variable_being_redeclared(<wbr>) function can free 'var' because<br>
a re-declaration of an unsized array variable can establish the size, so<br>
we set the array type to the earlier declaration and free 'var' as it is<br>
not needed anymore.<br>
<br>
However, the same 'var' is referenced later in ast_declarator_list::hir().<br>
This patch fixes it by assigning 'earlier' to var, as this variable is<br>
the one we keep.<br>
<br>
This error was detected by Address Sanitizer.<br>
<br>
Bugzilla: <a href="https://bugs.freedesktop.org/show_bug.cgi?id=99677" rel="noreferrer" target="_blank">https://bugs.freedesktop.org/<wbr>show_bug.cgi?id=99677</a><br>
Signed-off-by: Samuel Iglesias Gonsálvez <<a href="mailto:siglesias@igalia.com">siglesias@igalia.com</a>><br>
---<br>
 src/compiler/glsl/ast_to_hir.<wbr>cpp | 2 +-<br>
 1 file changed, 1 insertion(+), 1 deletion(-)<br>
<br>
diff --git a/src/compiler/glsl/ast_to_<wbr>hir.cpp b/src/compiler/glsl/ast_to_<wbr>hir.cpp<br>
index b31b61d1ed6..99b5a7957ab 100644<br>
--- a/src/compiler/glsl/ast_to_<wbr>hir.cpp<br>
+++ b/src/compiler/glsl/ast_to_<wbr>hir.cpp<br>
@@ -3999,7 +3999,7 @@ get_variable_being_redeclared(<wbr>ir_variable *var, YYLTYPE loc,<br>
<br>
       earlier->type = var->type;<br>
       delete var;<br>
-      var = NULL;<br>
+      var = earlier;<br>
    } else if ((state->ARB_fragment_coord_<wbr>conventions_enable ||<br>
               state->is_version(150, 0))<br>
               && strcmp(var->name, "gl_FragCoord") == 0<br>
<span class="HOEnZb"><font color="#888888">--<br>
2.11.0<br>
<br>
______________________________<wbr>_________________<br>
mesa-dev mailing list<br>
<a href="mailto:mesa-dev@lists.freedesktop.org">mesa-dev@lists.freedesktop.org</a><br>
<a href="https://lists.freedesktop.org/mailman/listinfo/mesa-dev" rel="noreferrer" target="_blank">https://lists.freedesktop.org/<wbr>mailman/listinfo/mesa-dev</a><br>
</font></span></blockquote></div><br></div>