From d7158dcc12bb4ed0cae4998cdd6156b87e393077 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20=C5=9Alusarz?= Date: Fri, 24 Jul 2020 20:13:00 +0200 Subject: [PATCH] intel/vec4: fix out of bounds read MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit NIR_MAX_VEC_COMPONENTS was bumped from 4 to 16 in a8ec4082 (2019.03.09, merged 2019.12.21) float[4] array was added in acd7796a (2019.06.11, merged 2019.07.11) Found by Coverity. Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/3014 Signed-off-by: Marcin Ĺšlusarz Fixes: a8ec4082a41 ("nir+vtn: vec8+vec16 support") Reviewed-by: Lionel Landwerlin Part-of: (cherry picked from commit cb19fe24d361991104f8dcf54d1e807998766be1) --- .pick_status.json | 2 +- src/intel/compiler/brw_vec4_nir.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.pick_status.json b/.pick_status.json index 9ecf25f2131..1c3499b13af 100644 --- a/.pick_status.json +++ b/.pick_status.json @@ -1759,7 +1759,7 @@ "description": "intel/vec4: fix out of bounds read", "nominated": true, "nomination_type": 1, - "resolution": 0, + "resolution": 1, "master_sha": null, "because_sha": "a8ec4082a41830cf67a4fd405402fd2d820722fd" }, diff --git a/src/intel/compiler/brw_vec4_nir.cpp b/src/intel/compiler/brw_vec4_nir.cpp index 76446adcf54..b04b6a8e371 100644 --- a/src/intel/compiler/brw_vec4_nir.cpp +++ b/src/intel/compiler/brw_vec4_nir.cpp @@ -997,7 +997,7 @@ try_immediate_source(const nir_alu_instr *instr, src_reg *op, case BRW_REGISTER_TYPE_F: { int first_comp = -1; - float f[4] = { 0.0f, 0.0f, 0.0f, 0.0f }; + float f[NIR_MAX_VEC_COMPONENTS] = { 0.0f }; bool is_scalar = true; for (unsigned i = 0; i < NIR_MAX_VEC_COMPONENTS; i++) {