projects / mesa.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4ed4193) | patch
st/glsl_to_tgsi: fix a use-after-free in merge_two_dsts
authorNicolai Hähnle <nicolai.haehnle@amd.com>
Thu, 21 Sep 2017 14:55:35 +0000 (16:55 +0200)
committerNicolai Hähnle <nicolai.haehnle@amd.com>
Fri, 29 Sep 2017 09:42:38 +0000 (11:42 +0200)
commit2703fa613b674184ad94b077ae68ad04160ba9d5
treeb08b169ba8dd38ebda5bab1f5ea35e08d376dca7tree
parent4ed419328d62b428207dbcc53cdf45b0d29f5962commit | diff
st/glsl_to_tgsi: fix a use-after-free in merge_two_dsts

Found by address sanitizer.

The loop here tries to be safe, but in doing so, it ends up doing
exactly the wrong thing: the safe foreach is for when the loop
variable (inst) could be deleted and nothing else. However, this
particular can delete inst's successor, but not inst itself.

Fixes: 8c6a0ebaad72 ("st/mesa: add st fp64 support (v7.1)")
Reviewed-by: Marek Olšák <marek.olsak@amd.com>
Tested-by: Dieter Nützel <Dieter@nuetzel-hh.de>
src/mesa/state_tracker/st_glsl_to_tgsi.cpp diff | blob | history