nir: Use nir_src_copy instead of direct assignments.

If the source is an indirect register, there is ralloc'd data.  Copying
with a direct assignment will copy the pointer, but the data will still
belong to the old instruction's memory context.  Since we're lowering
and throwing away instructions, that could free the data by mistake.

Instead, use nir_src_copy, which properly handles this.

This is admittedly not a common case, so I think the bug is real,
but unlikely to be hit.

Cc: mesa-stable@lists.freedesktop.org
Reviewed-by: Matt Turner <mattst88@gmail.com>

diff --git a/src/compiler/nir/nir_lower_atomics.c b/src/compiler/nir/nir_lower_atomics.c
index 1993013f8f6d00ec2d372d79d5ff3678b8482ac7..2252e1679be9979813e7ca69340e5ac41d95b748 100644 (file)
--- a/src/compiler/nir/nir_lower_atomics.c
+++ b/src/compiler/nir/nir_lower_atomics.c
@@ -155,7 +155,7 @@ lower_instr(nir_intrinsic_instr *instr,
     * instruction.
     */
    for (unsigned i = 0; i < nir_intrinsic_infos[instr->intrinsic].num_srcs; i++)
-      new_instr->src[i + 1] = instr->src[i];
+      nir_src_copy(&new_instr->src[i + 1], &instr->src[i], new_instr);
 
    if (instr->dest.is_ssa) {
       nir_ssa_dest_init(&new_instr->instr, &new_instr->dest,

diff --git a/src/compiler/nir/nir_lower_atomics_to_ssbo.c b/src/compiler/nir/nir_lower_atomics_to_ssbo.c
index fd6eefb1fd01c3c7d63320c5264ed35539963a37..371eb0b9d15c3dce4f4b76997546c608883c7f32 100644 (file)
--- a/src/compiler/nir/nir_lower_atomics_to_ssbo.c
+++ b/src/compiler/nir/nir_lower_atomics_to_ssbo.c
@@ -115,7 +115,7 @@ lower_instr(nir_intrinsic_instr *instr, unsigned ssbo_offset, nir_builder *b)
       /* remapped to ssbo_atomic_add: { buffer_idx, offset, +1 } */
       temp = nir_imm_int(b, +1);
       new_instr->src[0] = nir_src_for_ssa(buffer);
-      new_instr->src[1] = instr->src[0];
+      nir_src_copy(&new_instr->src[1], &instr->src[0], new_instr);
       new_instr->src[2] = nir_src_for_ssa(temp);
       break;
    case nir_intrinsic_atomic_counter_dec:
@@ -123,21 +123,21 @@ lower_instr(nir_intrinsic_instr *instr, unsigned ssbo_offset, nir_builder *b)
       /* NOTE semantic difference so we adjust the return value below */
       temp = nir_imm_int(b, -1);
       new_instr->src[0] = nir_src_for_ssa(buffer);
-      new_instr->src[1] = instr->src[0];
+      nir_src_copy(&new_instr->src[1], &instr->src[0], new_instr);
       new_instr->src[2] = nir_src_for_ssa(temp);
       break;
    case nir_intrinsic_atomic_counter_read:
       /* remapped to load_ssbo: { buffer_idx, offset } */
       new_instr->src[0] = nir_src_for_ssa(buffer);
-      new_instr->src[1] = instr->src[0];
+      nir_src_copy(&new_instr->src[1], &instr->src[0], new_instr);
       break;
    default:
       /* remapped to ssbo_atomic_x: { buffer_idx, offset, data, (compare)? } */
       new_instr->src[0] = nir_src_for_ssa(buffer);
-      new_instr->src[1] = instr->src[0];
-      new_instr->src[2] = instr->src[1];
+      nir_src_copy(&new_instr->src[1], &instr->src[0], new_instr);
+      nir_src_copy(&new_instr->src[2], &instr->src[1], new_instr);
       if (op == nir_intrinsic_ssbo_atomic_comp_swap)
-         new_instr->src[3] = instr->src[2];
+         nir_src_copy(&new_instr->src[3], &instr->src[2], new_instr);
       break;
    }
 

diff --git a/src/compiler/nir/nir_lower_io_to_scalar.c b/src/compiler/nir/nir_lower_io_to_scalar.c
index f2345d58acfcfce4559e2780c34a07028eff8018..fffd1d3d2bbe76b3629883089b3dfa8080238b70 100644 (file)
--- a/src/compiler/nir/nir_lower_io_to_scalar.c
+++ b/src/compiler/nir/nir_lower_io_to_scalar.c
@@ -49,7 +49,7 @@ lower_load_input_to_scalar(nir_builder *b, nir_intrinsic_instr *intr)
       nir_intrinsic_set_base(chan_intr, nir_intrinsic_base(intr));
       nir_intrinsic_set_component(chan_intr, nir_intrinsic_component(intr) + i);
       /* offset */
-      chan_intr->src[0] = intr->src[0];
+      nir_src_copy(&chan_intr->src[0], &intr->src[0], chan_intr);
 
       nir_builder_instr_insert(b, &chan_intr->instr);
 
@@ -84,7 +84,7 @@ lower_store_output_to_scalar(nir_builder *b, nir_intrinsic_instr *intr)
       /* value */
       chan_intr->src[0] = nir_src_for_ssa(nir_channel(b, value, i));
       /* offset */
-      chan_intr->src[1] = intr->src[1];
+      nir_src_copy(&chan_intr->src[1], &intr->src[1], chan_intr);
 
       nir_builder_instr_insert(b, &chan_intr->instr);
    }