From: Connor Abbott <cwabbott0@gmail.com>
Date: Fri, 8 Mar 2019 12:05:53 +0000 (+0100)
Subject: nir/serialize: Prevent writing uninitialized state_slot data
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=d086d16b8165244db53f20dbf60c921f4bb38f38;p=mesa.git

nir/serialize: Prevent writing uninitialized state_slot data

The nir_state_slot struct had some padding that was never initialized.
Serializing the individual parts of the struct is more robust and avoids
the overhead of zeroing it at creation, so just do that.

Reviewed-by: Jason Ekstrand <jason@jlekstrand.net>
---

diff --git a/src/compiler/nir/nir_serialize.c b/src/compiler/nir/nir_serialize.c
index 743eeaed3d5..840a1572786 100644
--- a/src/compiler/nir/nir_serialize.c
+++ b/src/compiler/nir/nir_serialize.c
@@ -141,8 +141,11 @@ write_variable(write_ctx *ctx, const nir_variable *var)
       blob_write_string(ctx->blob, var->name);
    blob_write_bytes(ctx->blob, (uint8_t *) &var->data, sizeof(var->data));
    blob_write_uint32(ctx->blob, var->num_state_slots);
-   blob_write_bytes(ctx->blob, (uint8_t *) var->state_slots,
-                    var->num_state_slots * sizeof(nir_state_slot));
+   for (unsigned i = 0; i < var->num_state_slots; i++) {
+      for (unsigned j = 0; j < STATE_LENGTH; j++)
+         blob_write_uint32(ctx->blob, var->state_slots[i].tokens[j]);
+      blob_write_uint32(ctx->blob, var->state_slots[i].swizzle);
+   }
    blob_write_uint32(ctx->blob, !!(var->constant_initializer));
    if (var->constant_initializer)
       write_constant(ctx, var->constant_initializer);
@@ -172,9 +175,15 @@ read_variable(read_ctx *ctx)
    }
    blob_copy_bytes(ctx->blob, (uint8_t *) &var->data, sizeof(var->data));
    var->num_state_slots = blob_read_uint32(ctx->blob);
-   var->state_slots = ralloc_array(var, nir_state_slot, var->num_state_slots);
-   blob_copy_bytes(ctx->blob, (uint8_t *) var->state_slots,
-                   var->num_state_slots * sizeof(nir_state_slot));
+   if (var->num_state_slots != 0) {
+      var->state_slots = ralloc_array(var, nir_state_slot,
+                                      var->num_state_slots);
+      for (unsigned i = 0; i < var->num_state_slots; i++) {
+         for (unsigned j = 0; j < STATE_LENGTH; j++)
+            var->state_slots[i].tokens[j] = blob_read_uint32(ctx->blob);
+         var->state_slots[i].swizzle = blob_read_uint32(ctx->blob);
+      }
+   }
    bool has_const_initializer = blob_read_uint32(ctx->blob);
    if (has_const_initializer)
       var->constant_initializer = read_constant(ctx, var);