fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-06-09 03:38:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

agx: fix stack smash with spilling

Browse source 
ASAN saves the day! Was stuck on this for hours.

==37495==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xfffff29ecdbc at pc 0xffff7c0751f4 bp 0xfffff29eca30 sp 0xfffff29eca48
READ of size 4 at 0xfffff29ecdbc thread T0
    #0 0xffff7c0751f0 in __bitset_set_range ../src/util/bitset.h:249
    #1 0xffff7c0751f0 in find_regs ../src/asahi/compiler/agx_register_allocate.c:642
    #2 0xffff7c077d2c in pick_regs ../src/asahi/compiler/agx_register_allocate.c:1008
    #3 0xffff7c077d2c in agx_ra_assign_local ../src/asahi/compiler/agx_register_allocate.c:1096
    #4 0xffff7c077d2c in agx_ra ../src/asahi/compiler/agx_register_allocate.c:1353
    #5 0xffff7c03b6c4 in agx_compile_function_nir ../src/asahi/compiler/agx_compile.c:2840

Signed-off-by: Alyssa Rosenzweig <alyssa@rosenzweig.io>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/28483>
This commit is contained in:
Alyssa Rosenzweig 2024-02-22 17:46:56 -04:00 committed by Marge Bot
parent 9ca5778f3e
commit 3a3f9de486
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/asahi/compiler/agx_register_allocate.c
View file

@ -535,9 +535,11 @@ find_regs(struct ra_ctx *rctx, agx_instr *I, unsigned dest_idx, unsigned count,
agx_foreach_ssa_src(I, s) {
unsigned v = I->src[s].value;
if (BITSET_TEST(rctx->visited, v)) {
if (BITSET_TEST(rctx->visited, v) && !I->src[s].memory) {
unsigned base = rctx->ssa_to_reg[v];
unsigned nr = rctx->ncomps[v];
assert(base + nr <= AGX_NUM_REGS);
BITSET_SET_RANGE(killed, base, base + nr - 1);
}
}