diff options
author | Eric Anholt <eric@anholt.net> | 2019-01-08 11:45:16 -0800 |
---|---|---|
committer | Eric Anholt <eric@anholt.net> | 2019-01-08 15:44:58 -0800 |
commit | 700aeaf9c863ea545fe529c1a7fcbc8e87c9adb4 (patch) | |
tree | dc7c7dc1235199533b5ea003a8c8132b05389150 | |
parent | 211b826790c499ba54e4cdf871b42e0b34b8f27d (diff) | |
download | mesa-700aeaf9c863ea545fe529c1a7fcbc8e87c9adb4.tar.gz mesa-700aeaf9c863ea545fe529c1a7fcbc8e87c9adb4.tar.bz2 mesa-700aeaf9c863ea545fe529c1a7fcbc8e87c9adb4.zip |
glsl: Fix buffer overflow with an atomic buffer binding out of range.
The binding is checked against the limits later in the function, so we
need to make sure we don't overflow before the check here.
Fixes this valgrind warning (and sometimes segfault):
==1460== Invalid write of size 4
==1460== at 0x74C98DD: ast_declarator_list::hir(exec_list*, _mesa_glsl_parse_state*) (ast_to_hir.cpp:4943)
==1460== by 0x74C054F: _mesa_ast_to_hir(exec_list*, _mesa_glsl_parse_state*) (ast_to_hir.cpp:159)
==1460== by 0x7435C12: _mesa_glsl_compile_shader (glsl_parser_extras.cpp:2130)
in
dEQP-GLES31.functional.debug.negative_coverage.get_error.compute.
exceed_atomic_counters_limit
Reviewed-by: Timothy Arceri <tarceri@itsqueeze.com>
-rw-r--r-- | src/compiler/glsl/ast_to_hir.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/compiler/glsl/ast_to_hir.cpp b/src/compiler/glsl/ast_to_hir.cpp index 8fdc1890ab0..611cfabbd03 100644 --- a/src/compiler/glsl/ast_to_hir.cpp +++ b/src/compiler/glsl/ast_to_hir.cpp @@ -4940,7 +4940,8 @@ ast_declarator_list::hir(exec_list *instructions, && process_qualifier_constant(state, &loc, "offset", type->qualifier.offset, &qual_offset)) { - state->atomic_counter_offsets[qual_binding] = qual_offset; + if (qual_binding < ARRAY_SIZE(state->atomic_counter_offsets)) + state->atomic_counter_offsets[qual_binding] = qual_offset; } } |