From b2e9d21fdd679fba80c358ed7871c30987d10e05 Mon Sep 17 00:00:00 2001
From: Timothy Arceri
Date: Tue, 16 Jun 2020 09:35:09 +1000
Subject: [PATCH] st_glsl_to_nir: fix potential use after free
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

When updating the shader info used by GL for the API we must remember to make sure to restore the pointers to its own name and label strings. There are a number of ways in which the nir copy of these strings can be freed before GL is finished with them.

Fixes: 36be8c2fcf94 ("st/glsl_to_nir: use nir_shader_gather_info()")
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/2875
Reviewed-by: Marek Olšák
Reviewed-by: Pierre-Eric Pelloux-Prayer
Part-of:
---
 src/mesa/state_tracker/st_glsl_to_nir.cpp | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/mesa/state_tracker/st_glsl_to_nir.cpp b/src/mesa/state_tracker/st_glsl_to_nir.cpp
index b99e8339ae0..fc3236861e2 100644
--- a/src/mesa/state_tracker/st_glsl_to_nir.cpp
+++ b/src/mesa/state_tracker/st_glsl_to_nir.cpp
@@ -80,6 +80,19 @@ st_nir_fixup_varying_slots(struct st_context *st, struct exec_list *var_list)
 }
 }
 
+static void
+st_shader_gather_info(nir_shader *nir, struct gl_program *prog)
+{
+ nir_shader_gather_info(nir, nir_shader_get_entrypoint(nir));
+
+ /* Copy the info we just generated back into the gl_program */
+ const char *prog_name = prog->info.name;
+ const char *prog_label = prog->info.label;
+ prog->info = nir->info;
+ prog->info.name = prog_name;
+ prog->info.label = prog_label;
+}
+
 /* input location assignment for VS inputs must be handled specially, so
 * that it is aligned w/ st's vbo state.
 * (This isn't the case with, for ex, FS inputs, which only need to agree
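Review bot: The comment inside st_shader_gather_info only says the info is copied back; it does not say why `name` and `label` are saved and restored, and that ownership rule is the whole point of the fix. Without it a later cleanup could fold the five lines back into a plain `prog->info = nir->info;` and reintroduce the dangling pointers. I would extend the comment to `/* Copy the info back, but keep the gl_program's own name/label: the nir copies can be freed before GL is finished with them. */`. The struct assignment is still a shallow copy, so any other pointer member of the info struct would need the same treatment; whether one exists cannot be checked from this hunk.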
@@ -768,8 +781,7 @@ st_link_nir(struct gl_context *ctx,
 NIR_PASS_V(nir, nir_lower_system_values);
 NIR_PASS_V(nir, nir_lower_clip_cull_distance_arrays);
 
- nir_shader_gather_info(nir, nir_shader_get_entrypoint(nir));
- shader->Program->info = nir->info;
+ st_shader_gather_info(nir, shader->Program);
 if (shader->Stage == MESA_SHADER_VERTEX) {
 /* NIR expands dual-slot inputs out to two locations. We need to
 * compact things back down GL-style single-slot inputs to avoid
-- 
2.30.2
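Review bot: Only this one call site in st_link_nir is moved to the helper; the diffstat shows two deletions in total, so no other whole-struct copy was touched. If any other path in the state tracker still does `prog->info = nir->info;` directly (none is visible in this patch), it would keep `name` and `label` pointing at nir-owned strings and leave the use after free reachable. It is worth searching for such assignments and routing them through `st_shader_gather_info(nir, prog);` so the fix is not partial. st_link_nir's body starts and ends outside the hunk.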