st_glsl_to_nir: fix potential use after free
authorTimothy Arceri <tarceri@itsqueeze.com>
Mon, 15 Jun 2020 23:35:09 +0000 (09:35 +1000)
committerTimothy Arceri <tarceri@itsqueeze.com>
Wed, 17 Jun 2020 01:35:38 +0000 (11:35 +1000)
When updating the shader info used by GL for the API, we must
remember to make sure to restore the pointers to its own name
and label strings. There are a number of ways in which the nir
copy of these strings can be freed before GL is finished with
them.

Fixes: 36be8c2fcf94 ("st/glsl_to_nir: use nir_shader_gather_info()")
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/2875
Reviewed-by: Marek Olšák <marek.olsak@amd.com>
Reviewed-by: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@amd.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/5488>

src/mesa/state_tracker/st_glsl_to_nir.cpp

index b99e8339ae0245977f7c1db4badb1031f68015e6..fc3236861e2ef57b46d30f26fd6482a42e213652 100644 (file)
@@ -80,6 +80,19 @@ st_nir_fixup_varying_slots(struct st_context *st, struct exec_list *var_list)
    }
 }
 
+static void
+st_shader_gather_info(nir_shader *nir, struct gl_program *prog)
+{
+   nir_shader_gather_info(nir, nir_shader_get_entrypoint(nir));
+
+   /* Copy the info we just generated back into the gl_program */
+   const char *prog_name = prog->info.name;
+   const char *prog_label = prog->info.label;
+   prog->info = nir->info;
+   prog->info.name = prog_name;
+   prog->info.label = prog_label;
+}
+
 /* input location assignment for VS inputs must be handled specially, so
  * that it is aligned w/ st's vbo state.
  * (This isn't the case with, for ex, FS inputs, which only need to agree
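Review bot: the comment `/* Copy the info we just generated back into the gl_program */` explains the struct copy but not why `prog_name` and `prog_label` are saved across it, so a later reader could collapse the helper back into the plain `prog->info = nir->info` assignment that this patch removes. Since that assignment copies the `name` and `label` pointers owned by the nir shader, suggest stating the reason from the commit message in the comment, e.g. `/* Keep gl_program's own name/label pointers: the nir copies may be freed before GL is done with them */`. Worth also checking whether shader_info carries any other pointer into nir-owned memory; if so, the same aliasing would apply and should be handled in this helper too.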
@@ -768,8 +781,7 @@ st_link_nir(struct gl_context *ctx,
       NIR_PASS_V(nir, nir_lower_system_values);
       NIR_PASS_V(nir, nir_lower_clip_cull_distance_arrays);
 
-      nir_shader_gather_info(nir, nir_shader_get_entrypoint(nir));
-      shader->Program->info = nir->info;
+      st_shader_gather_info(nir, shader->Program);
       if (shader->Stage == MESA_SHADER_VERTEX) {
          /* NIR expands dual-slot inputs out to two locations.  We need to
           * compact things back down GL-style single-slot inputs to avoid
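Review bot: confirm this is the only site in st_glsl_to_nir.cpp where a `nir->info` struct is assigned into a gl_program. Any remaining direct `shader->Program->info = nir->info` elsewhere in the file would still leave the gl_program holding nir-owned `name`/`label` pointers, which is exactly what `st_shader_gather_info` exists to avoid, so route any such site through the new helper as well.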