glsl: Don't crash on function names with invalid identifiers.

Karol Herbst's fuzzing efforts noticed that we would segfault on:

   void bug() {
      2(0);
   }

We just need to bail if the function name isn't an identifier.

Based on a bug fix by Karol Herbst.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97422
Signed-off-by: Kenneth Graunke <kenneth@whitecape.org>
Reviewed-by: Timothy Arceri <timothy.arceri@collabora.com>

diff --git a/src/compiler/glsl/ast_function.cpp b/src/compiler/glsl/ast_function.cpp
index ac3b52d24e5e305ed82fff0b8b36a84bd902958c..3f353a3017d96f0f6e1952e89e29e5f627ec22d9 100644 (file)
--- a/src/compiler/glsl/ast_function.cpp
+++ b/src/compiler/glsl/ast_function.cpp
@@ -2090,7 +2090,7 @@ ast_function_expression::hir(exec_list *instructions,
       return handle_method(instructions, state);
    } else {
       const ast_expression *id = subexpressions[0];
-      const char *func_name;
+      const char *func_name = NULL;
       YYLTYPE loc = get_location();
       exec_list actual_parameters;
       ir_variable *sub_var = NULL;
@@ -2104,8 +2104,10 @@ ast_function_expression::hir(exec_list *instructions,
                                           id->subexpressions[0],
                                           id->subexpressions[1], &func_name,
                                           &actual_parameters);
-      } else {
+      } else if (id->oper == ast_identifier) {
          func_name = id->primary_expression.identifier;
+      } else {
+         _mesa_glsl_error(&loc, state, "function name is not an identifier");
       }
 
       /* an error was emitted earlier */