projects / mesa.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ea8c2d1) | patch
nir/spirv: fix build_mat4_det stack smasher
authorMark Janes <mark.a.janes@intel.com>
Tue, 2 Feb 2016 23:30:54 +0000 (15:30 -0800)
committerMark Janes <mark.a.janes@intel.com>
Tue, 2 Feb 2016 23:30:54 +0000 (15:30 -0800)
commit6a7e2904e0a2a6f8efbf739a1b3cad7e1e4ab42d
tree30e8a4636e16847dd2faa638ff9b7fe1f37ce0e0tree
parentea8c2d118a8c9645bedc86259ba42968ac27c239commit | diff
nir/spirv: fix build_mat4_det stack smasher

When generating a sub-determinate matrix, a 3-element swizzle array was
indexed with clever inline boolean logic.  Unfortunately, when i and j
are both 3, the index overruns the array, smashing the next variable on
the stack.

For 64 bit builds, the alignment of the 3-element unsigned array leaves
32 bits of spacing before the next local variable, hiding this bug.  On
i386, a subcolumn pointer was smashed then dereferenced.
src/glsl/nir/spirv/vtn_glsl450.c diff | blob | history