From 241bbb49774b26de865fe400c1eec10a55ec2ea3 Mon Sep 17 00:00:00 2001
From: Rhys Perry <pendingchaos02@gmail.com>
Date: Thu, 25 Sep 2025 15:19:04 +0100
Subject: [PATCH] radv: remove NIR_PASS in insert_rt_case
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When NIR_DEBUG=serialize or NIR_DEBUG=clone is used, NIR_PASS recreates
nir_function_impl and nir_variable objects, causing use-after-free since
insert_rt_case() keeps pointers to those in local variables and var_remap.

Signed-off-by: Rhys Perry <pendingchaos02@gmail.com>
Reviewed-by: Marek Olšák <maraeo@gmail.com>
Reviewed-by: Georg Lehmann <dadschoorse@gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/37573>
---
 src/amd/vulkan/nir/radv_nir_rt_shader.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/amd/vulkan/nir/radv_nir_rt_shader.c b/src/amd/vulkan/nir/radv_nir_rt_shader.c
index a8f450fc88f..8dc4fe7c104 100644
--- a/src/amd/vulkan/nir/radv_nir_rt_shader.c
+++ b/src/amd/vulkan/nir/radv_nir_rt_shader.c
@@ -831,10 +831,11 @@ insert_rt_case(nir_builder *b, nir_shader *shader, struct rt_variables *vars, ni
    struct rt_variables src_vars = create_rt_variables(shader, vars->device, vars->flags, vars->monolithic);
    map_rt_variables(var_remap, &src_vars, vars);
 
-   NIR_PASS(_, shader, lower_rt_instructions, &src_vars, false, NULL);
+   /* These can't use NIR_PASS because NIR_DEBUG=serialize,clone invalidates pointers. */
+   lower_rt_instructions(shader, &src_vars, false, NULL);
 
-   NIR_PASS(_, shader, nir_lower_returns);
-   NIR_PASS(_, shader, nir_opt_dce);
+   nir_lower_returns(shader);
+   nir_opt_dce(shader);
 
    inline_constants(b->shader, shader);