From 14c5bc3b9a6b03a8e42ef79da66d8b81b239cf96 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Marek=20Ol=C5=A1=C3=A1k?= Date: Sat, 11 Apr 2015 13:49:38 +0200 Subject: [PATCH] glsl_to_tgsi: fix out-of-bounds constant access and crash for uniforms This fixes piglit shaders@glsl-fs-uniform-array-loop-unroll with immediate shader compilation - it's a compiler test, so it has never been translated to TGSI before. Cc: 10.4 10.5 Reviewed-by: Brian Paul --- src/mesa/state_tracker/st_glsl_to_tgsi.cpp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/mesa/state_tracker/st_glsl_to_tgsi.cpp b/src/mesa/state_tracker/st_glsl_to_tgsi.cpp index 435c126162f..b732c0b4166 100644 --- a/src/mesa/state_tracker/st_glsl_to_tgsi.cpp +++ b/src/mesa/state_tracker/st_glsl_to_tgsi.cpp @@ -4347,6 +4347,7 @@ struct st_translate { struct ureg_dst arrays[MAX_ARRAYS]; struct ureg_src *constants; + int num_constants; struct ureg_src *immediates; struct ureg_dst outputs[PIPE_MAX_SHADER_OUTPUTS]; struct ureg_src inputs[PIPE_MAX_SHADER_INPUTS]; @@ -4557,15 +4558,15 @@ src_register(struct st_translate *t, const st_src_reg *reg) case PROGRAM_UNIFORM: assert(reg->index >= 0); - return t->constants[reg->index]; + return reg->index < t->num_constants ? + t->constants[reg->index] : ureg_imm4f(t->ureg, 0, 0, 0, 0); case PROGRAM_STATE_VAR: case PROGRAM_CONSTANT: /* ie, immediate */ if (reg->has_index2) return ureg_src_register(TGSI_FILE_CONSTANT, reg->index); - else if (reg->index < 0) - return ureg_DECL_constant(t->ureg, 0); else - return t->constants[reg->index]; + return reg->index >= 0 && reg->index < t->num_constants ? + t->constants[reg->index] : ureg_imm4f(t->ureg, 0, 0, 0, 0); case PROGRAM_IMMEDIATE: return t->immediates[reg->index]; @@ -5283,6 +5284,7 @@ st_translate_program( ret = PIPE_ERROR_OUT_OF_MEMORY; goto out; } + t->num_constants = proginfo->Parameters->NumParameters; for (i = 0; i < proginfo->Parameters->NumParameters; i++) { switch (proginfo->Parameters->Parameters[i].Type) { @@ -5383,6 +5385,7 @@ out: free(t->insn); free(t->labels); free(t->constants); + t->num_constants = 0; free(t->immediates); if (t->error) { -- 2.30.2