projects / mesa.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 56228b0)
intel/vec4: fix out of bounds read
authorMarcin Ślusarz <marcin.slusarz@intel.com>
Fri, 24 Jul 2020 18:13:00 +0000 (20:13 +0200)
committerMarge Bot <eric+marge@anholt.net>
Thu, 30 Jul 2020 10:41:00 +0000 (10:41 +0000)
NIR_MAX_VEC_COMPONENTS was bumped from 4 to 16 in a8ec4082
(2019.03.09, merged 2019.12.21)

float[4] array was added in acd7796a
(2019.06.11, merged 2019.07.11)

Found by Coverity.
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/3014
Signed-off-by: Marcin Ślusarz <marcin.slusarz@intel.com>
Fixes: a8ec4082a41 ("nir+vtn: vec8+vec16 support")
Reviewed-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/6067>

src/intel/compiler/brw_vec4_nir.cpp patch | blob | history

diff --git a/src/intel/compiler/brw_vec4_nir.cpp b/src/intel/compiler/brw_vec4_nir.cpp
index 13a5d2f4fa969724e02752d49ebb0dda9eb27fa8..607cfc24d9cc6c98606504ceab1dedaaed971fc2 100644 (file)
--- a/src/intel/compiler/brw_vec4_nir.cpp
+++ b/src/intel/compiler/brw_vec4_nir.cpp
@@ -999,7 +999,7 @@ try_immediate_source(const nir_alu_instr *instr, src_reg *op,
 
    case BRW_REGISTER_TYPE_F: {
       int first_comp = -1;
-      float f[4] = { 0.0f, 0.0f, 0.0f, 0.0f };
+      float f[NIR_MAX_VEC_COMPONENTS] = { 0.0f };
       bool is_scalar = true;
 
       for (unsigned i = 0; i < NIR_MAX_VEC_COMPONENTS; i++) {