From: Paul Berry <stereotype441@gmail.com>
Date: Tue, 16 Apr 2013 19:49:51 +0000 (-0700)
Subject: i965/vec4: Fix hypothetical use of uninitialized data in attribute_map[].
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=417d8917d4924652f1cd0c64dbf3677d4eddbf8c;p=mesa.git

i965/vec4: Fix hypothetical use of uninitialized data in attribute_map[].

Fixes issue identified by Klocwork analysis:

    'attribute_map' array elements might be used uninitialized in this
    function (vec4_visitor::lower_attributes_to_hw_regs).

The attribute_map array contains the mapping from shader input
attributes to the hardware registers they are stored in.
vec4_vs_visitor::setup_attributes() only populates elements of this
array which, according to core Mesa, are actually used by the shader.
Therefore, when vec4_visitor::lower_attributes_to_hw_regs() accesses
the array to lower a register access in the shader, it should in
principle only access elements of attribute_map that contain valid
data.  However, if a bug ever caused the driver back-end to access an
input that was not flagged as used by core Mesa, then
lower_attributes_to_hw_regs() would access uninitialized memory, which
could cause illegal instructions to get generated, resulting in a
possible GPU hang.

This patch makes the situation more robust by using memset() to
pre-initialize the attribute_map array to zero, so that if such a bug
ever occurred, lower_attributes_to_hw_regs() would generate a (mostly)
harmless access to r0.  In addition, it adds assertions to
lower_attributes_to_hw_regs() so that if we do have such a bug, we're
likely to discover it quickly.

Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
---

diff --git a/src/mesa/drivers/dri/i965/brw_vec4.cpp b/src/mesa/drivers/dri/i965/brw_vec4.cpp
index b0527c7b31e..0afff6f72c5 100644
--- a/src/mesa/drivers/dri/i965/brw_vec4.cpp
+++ b/src/mesa/drivers/dri/i965/brw_vec4.cpp
@@ -1197,6 +1197,11 @@ vec4_visitor::lower_attributes_to_hw_regs(const int *attribute_map)
       if (inst->dst.file == ATTR) {
 	 int grf = attribute_map[inst->dst.reg + inst->dst.reg_offset];
 
+         /* All attributes used in the shader need to have been assigned a
+          * hardware register by the caller
+          */
+         assert(grf != 0);
+
 	 struct brw_reg reg = brw_vec8_grf(grf, 0);
 	 reg.type = inst->dst.type;
 	 reg.dw1.bits.writemask = inst->dst.writemask;
@@ -1211,6 +1216,11 @@ vec4_visitor::lower_attributes_to_hw_regs(const int *attribute_map)
 
 	 int grf = attribute_map[inst->src[i].reg + inst->src[i].reg_offset];
 
+         /* All attributes used in the shader need to have been assigned a
+          * hardware register by the caller
+          */
+         assert(grf != 0);
+
 	 struct brw_reg reg = brw_vec8_grf(grf, 0);
 	 reg.dw1.bits.swizzle = inst->src[i].swizzle;
          reg.type = inst->src[i].type;
@@ -1230,6 +1240,7 @@ vec4_vs_visitor::setup_attributes(int payload_reg)
 {
    int nr_attributes;
    int attribute_map[VERT_ATTRIB_MAX + 1];
+   memset(attribute_map, 0, sizeof(attribute_map));
 
    nr_attributes = 0;
    for (int i = 0; i < VERT_ATTRIB_MAX; i++) {