From 151aecabe4be9d45627ef1f6ae6b8d732cea0c28 Mon Sep 17 00:00:00 2001 From: Kenneth Graunke Date: Sat, 12 Nov 2016 11:55:30 -0800 Subject: [PATCH] glsl: Don't crash on function names with invalid identifiers. Karol Herbst's fuzzing efforts noticed that we would segfault on: void bug() { 2(0); } We just need to bail if the function name isn't an identifier. Based on a bug fix by Karol Herbst. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97422 Signed-off-by: Kenneth Graunke Reviewed-by: Timothy Arceri --- src/compiler/glsl/ast_function.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/compiler/glsl/ast_function.cpp b/src/compiler/glsl/ast_function.cpp index ac3b52d24e5..3f353a3017d 100644 --- a/src/compiler/glsl/ast_function.cpp +++ b/src/compiler/glsl/ast_function.cpp @@ -2090,7 +2090,7 @@ ast_function_expression::hir(exec_list *instructions, return handle_method(instructions, state); } else { const ast_expression *id = subexpressions[0]; - const char *func_name; + const char *func_name = NULL; YYLTYPE loc = get_location(); exec_list actual_parameters; ir_variable *sub_var = NULL; @@ -2104,8 +2104,10 @@ ast_function_expression::hir(exec_list *instructions, id->subexpressions[0], id->subexpressions[1], &func_name, &actual_parameters); - } else { + } else if (id->oper == ast_identifier) { func_name = id->primary_expression.identifier; + } else { + _mesa_glsl_error(&loc, state, "function name is not an identifier"); } /* an error was emitted earlier */ -- 2.30.2