From: Timothy Arceri Date: Mon, 15 Jun 2020 23:35:09 +0000 (+1000) Subject: st_glsl_to_nir: fix potential use after free X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=b2e9d21fdd679fba80c358ed7871c30987d10e05;p=mesa.git st_glsl_to_nir: fix potential use after free When updating the shader info used by GL for the API we must remember to make sure to restore the pointers to its own name and label strings. There are a number of ways in which the nir copy of these strings can be freed before GL is finished with them. Fixes: 36be8c2fcf94 ("st/glsl_to_nir: use nir_shader_gather_info()") Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/2875 Reviewed-by: Marek Olšák Reviewed-by: Pierre-Eric Pelloux-Prayer Part-of:
---
diff --git a/src/mesa/state_tracker/st_glsl_to_nir.cpp b/src/mesa/state_tracker/st_glsl_to_nir.cpp
index b99e8339ae0..fc3236861e2 100644
--- a/src/mesa/state_tracker/st_glsl_to_nir.cpp
+++ b/src/mesa/state_tracker/st_glsl_to_nir.cpp
@@ -80,6 +80,19 @@ st_nir_fixup_varying_slots(struct st_context *st, struct exec_list *var_list)
 }
 }

+static void
+st_shader_gather_info(nir_shader *nir, struct gl_program *prog)
+{
+ nir_shader_gather_info(nir, nir_shader_get_entrypoint(nir));
+
+ /* Copy the info we just generated back into the gl_program */
+ const char *prog_name = prog->info.name;
+ const char *prog_label = prog->info.label;
+ prog->info = nir->info;
+ prog->info.name = prog_name;
+ prog->info.label = prog_label;
+}
+
 /* input location assignment for VS inputs must be handled specially, so
 * that it is aligned w/ st's vbo state.
 * (This isn't the case with, for ex, FS inputs, which only need to agree
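Review bot: The comment in st_shader_gather_info says the info is copied back into the gl_program, but not why name and label are saved and restored around the copy, which is the lifetime rule this fix depends on. I would add above the two saved pointers `/* name and label in nir->info belong to the nir_shader and can be freed while the gl_program is still in use, so keep the gl_program's own pointers. */`. The whole-struct assignment `prog->info = nir->info;` would carry over any other pointer member of the info struct as well, if one exists or is added later. Noting that in the same comment would tell whoever extends the struct to revisit this helper.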
@@ -768,8 +781,7 @@ st_link_nir(struct gl_context *ctx,
 NIR_PASS_V(nir, nir_lower_system_values);
 NIR_PASS_V(nir, nir_lower_clip_cull_distance_arrays);

- nir_shader_gather_info(nir, nir_shader_get_entrypoint(nir));
- shader->Program->info = nir->info;
+ st_shader_gather_info(nir, shader->Program);
 if (shader->Stage == MESA_SHADER_VERTEX) {
 /* NIR expands dual-slot inputs out to two locations. We need to
 * compact things back down GL-style single-slot inputs to avoid
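Review bot: Only this call site in st_link_nir is switched to the helper, so any other place that assigns a nir shader's info wholesale into a gl_program would still leave name and label pointing at nir-owned strings. No such site is visible in this diff, so this is a request to check rather than a finding. Searching the state tracker for `->info = nir->info` and similar struct copies would confirm the fix covers every path. st_link_nir continues outside the hunk.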