fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-05-01 16:48:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

asahi: Fix undefined behaviour with samplers

Browse source 
bind_sampler_states doesn't zero [nr_samplers, PIPE_MAX_SAMPLERS) so can get
non-null garbage samplers leading to a use-after-free (segfault derefencing
sampler) or a buffer overflow (writing samplers[] out).

Fixes crashes in Xonotic.

Signed-off-by: Alyssa Rosenzweig <alyssa@collabora.com>
Reported-by: dcow
Tested-by: dcow
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19994>
This commit is contained in:
Alyssa Rosenzweig 2022-11-24 18:26:20 -05:00 committed by Marge Bot
parent b102f045ab
commit f9e11c71c7
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/gallium/drivers/asahi/agx_state.c
View file

@ -1348,7 +1348,7 @@ agx_build_pipeline(struct agx_batch *batch, struct agx_compiled_shader *cs, enum
}
/* TODO: Dirty track me to save some CPU cycles and maybe improve caching */
for (unsigned i = 0; i < PIPE_MAX_SAMPLERS; ++i) {
for (unsigned i = 0; i < nr_samplers; ++i) {
struct agx_sampler_state *sampler = ctx->stage[stage].samplers[i];
if (sampler)