fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2025-12-22 02:40:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

glsl: fix use-after free bug/crash in ast_declarator_list::hir()

Browse source 
The call to get_variable_being_redeclared() may delete 'var' so we
can't reference var->name afterward.  We fix that by examining the
var's name before making that call.

Fixes valgrind warnings and possible crash when running the piglit
tests/spec/glsl-1.30/execution/clipping/vs-clip-distance-in-param.shader_test
test (and probably others).

Cc: "10.1 10.2" <mesa-stable@lists.freedesktop.org>

Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>
This commit is contained in:
Brian Paul 2014-05-23 14:59:33 -06:00
parent bb9623a1a8
commit f9cecca7a6
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/glsl/ast_to_hir.cpp
View file

@ -3651,11 +3651,15 @@ ast_declarator_list::hir(exec_list *instructions,
* instruction stream.
*/
exec_list initializer_instructions;
/* Examine var name here since var may get deleted in the next call */
bool var_is_gl_id = (strncmp(var->name, "gl_", 3) == 0);
ir_variable *earlier =
get_variable_being_redeclared(var, decl->get_location(), state,
false /* allow_all_redeclarations */);
if (earlier != NULL) {
if (strncmp(var->name, "gl_", 3) == 0 &&
if (var_is_gl_id &&
earlier->data.how_declared == ir_var_declared_in_block) {
_mesa_glsl_error(&loc, state,
"`%s' has already been redeclared using "