[virglrenderer-devel] [PATCH] gallium/tgsi: fix oob access in parse instruction
Li Qiang
liq3ea at gmail.com
Mon Feb 6 07:57:57 UTC 2017
Hello,
Ping!
2017-01-23 15:44 GMT+08:00 Li Qiang <liq3ea at gmail.com>:
> When parsing texture instruction, it doesn't stop if the
> 'cur' is ',', the loop variable 'i' will also be increased
> and be used to index the 'inst.TexOffsets' array. This can lead
> an oob access issue. This patch avoid this.
>
> Signed-off-by: Li Qiang <liq3ea at gmail.com>
> ---
> src/gallium/auxiliary/tgsi/tgsi_text.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/gallium/auxiliary/tgsi/tgsi_text.c
> b/src/gallium/auxiliary/tgsi/tgsi_text.c
> index 308e6b5..4ed9050 100644
> --- a/src/gallium/auxiliary/tgsi/tgsi_text.c
> +++ b/src/gallium/auxiliary/tgsi/tgsi_text.c
> @@ -1163,7 +1163,7 @@ parse_instruction(
>
> cur = ctx->cur;
> eat_opt_white( &cur );
> - for (i = 0; inst.Instruction.Texture && *cur == ','; i++) {
> + for (i = 0; inst.Instruction.Texture && *cur == ',' && i <
> TGSI_FULL_MAX_TEX_OFFSETS; i++) {
> cur++;
> eat_opt_white( &cur );
> ctx->cur = cur;
> --
> 2.7.4
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/virglrenderer-devel/attachments/20170206/5f7b6b83/attachment.html>
More information about the virglrenderer-devel
mailing list