fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-06-03 19:48:17 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
mesa/src
History
Patrick Lerda ea54dea3a4 i915: fix emit_hw_vertex() unbounded memory access 
This change adds the DRAW_ATTR_NONEXIST functionality
which fixes the memory access issue.

For instance, this issue is triggered with "piglit/bin/glsl-routing -auto -fbo":
==8384==ERROR: AddressSanitizer: heap-use-after-free on address 0xa11dfd84 at pc 0xae573fbd bp 0xbf87f688 sp 0xbf87f67c
READ of size 4 at 0xa11dfd84 thread T0
    #0 0xae573fbc in emit_hw_vertex ../src/gallium/drivers/i915/i915_prim_emit.c:92
    #1 0xae574ab0 in emit_prim ../src/gallium/drivers/i915/i915_prim_emit.c:154
    #2 0xae574ab0 in setup_tri ../src/gallium/drivers/i915/i915_prim_emit.c:160
    #3 0xad65d322 in do_triangle ../src/gallium/auxiliary/draw/draw_pipe.c:173
    #4 0xad65d322 in pipe_run_linear ../src/gallium/auxiliary/draw/draw_decompose_tmp.h:181
    #5 0xad663375 in draw_pipeline_run_linear ../src/gallium/auxiliary/draw/draw_pipe.c:337
    #6 0xad86d9ac in pipeline ../src/gallium/auxiliary/draw/draw_pt_fetch_shade_pipeline_llvm.c:476
    #7 0xad86d9ac in llvm_pipeline_generic ../src/gallium/auxiliary/draw/draw_pt_fetch_shade_pipeline_llvm.c:701
    #8 0xad86ed75 in llvm_middle_end_linear_run ../src/gallium/auxiliary/draw/draw_pt_fetch_shade_pipeline_llvm.c:784
    #9 0xad6aaaee in vsplit_segment_simple_linear ../src/gallium/auxiliary/draw/draw_pt_vsplit_tmp.h:223
    #10 0xad6aaaee in vsplit_run_linear ../src/gallium/auxiliary/draw/draw_split_tmp.h:64
    #11 0xad68a74b in draw_pt_arrays ../src/gallium/auxiliary/draw/draw_pt.c:161
    #12 0xad68b7ca in draw_pt_arrays_restart ../src/gallium/auxiliary/draw/draw_pt.c:430
    #13 0xad68b7ca in draw_instances ../src/gallium/auxiliary/draw/draw_pt.c:491
    #14 0xad68ce0a in draw_vbo ../src/gallium/auxiliary/draw/draw_pt.c:628
    #15 0xae5651d4 in i915_draw_vbo ../src/gallium/drivers/i915/i915_context.c:115
    #16 0xae5651d4 in i915_draw_vbo ../src/gallium/drivers/i915/i915_context.c:51
    #17 0xac7f50d3 in _mesa_draw_arrays ../src/mesa/main/draw.c:1204

Fixes: 247cee92df ("i915g: replace "uint" with normal uint32_t.")
Signed-off-by: Patrick Lerda <patrick9876@free.fr>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/27571>
2026-05-25 11:36:07 +00:00
..
amd radv: validate drirc option names at compile time 2026-05-21 14:26:28 +00:00
android_stub android_stub: purge unused log utils 2026-05-01 20:23:23 +00:00
asahi util: pass a struct to driParseConfigFiles() 2026-05-19 19:51:45 +00:00
broadcom vc4/ci: update expected results 2026-05-25 10:22:12 +02:00
c11
compiler spirv: Stop warning about ignored invalid ArrayStride decorations 2026-05-23 04:39:46 +00:00
drm-shim drm-shim: fix shim on GLX 2026-04-14 12:06:10 +00:00
egl egl/dri2: require valid render fd before advertising EGL_WL_bind_wayland_display 2026-05-13 16:16:48 +00:00
etnaviv Uprev Piglit to 6fd29fe44f8857b876a67bee962919635f22ecc8 2026-05-20 21:37:44 +00:00
freedreno freedreno: Add support for A704 2026-05-22 20:14:35 +00:00
gallium i915: fix emit_hw_vertex() unbounded memory access 2026-05-25 11:36:07 +00:00
gbm gbm: Replace VER_MIN with common MIN2 2026-04-30 13:00:03 +00:00
getopt
gfxstream gfxstream: codegen: drop const from let-param scalar cast 2026-05-23 06:54:37 +00:00
glx glx/windows: Drop static from driwindowsCreateScreen() 2026-05-18 13:33:35 +00:00
gtest
imagination util: pass a struct to driParseConfigFiles() 2026-05-19 19:51:45 +00:00
imgui imgui: update copy and port all tools using it 2026-04-30 10:59:45 +00:00
intel anv, brw: Use previous shader VUE map for FS input layout when available 2026-05-23 05:17:37 +00:00
kosmickrisp kk: Fix some missed NIR debug asserts 2026-05-25 02:56:26 -07:00
loader util: pass a struct to driParseConfigFiles() 2026-05-19 19:51:45 +00:00
mesa nir: remove ffma_old 2026-05-19 18:13:42 +00:00
microsoft util: pass a struct to driParseConfigFiles() 2026-05-19 19:51:45 +00:00
nouveau nak: Allow YY swizzle for SM20 and SM32 asserts 2026-05-24 12:48:01 +02:00
panfrost panvk/csf: Inline the SPD addr helpers 2026-05-22 19:54:53 +00:00
poly panvk/csf: implement VK_EXT_primitives_generated_query primitive restart 2026-01-21 09:03:34 +00:00
tool pps: Re-emit time clock_sync more regularly 2026-05-06 21:37:15 +00:00
util intel: switch shader hash to 64bit value 2026-05-22 15:05:30 +00:00
virtio meson: Add Soong compatibility compiler flags to Vulkan drivers 2026-05-22 07:09:49 +00:00
vulkan meson: Add Soong compatibility compiler flags to Vulkan drivers 2026-05-22 07:09:49 +00:00
x11 meson: Add support for buidling zink + Turnip/KGSL 2026-03-31 15:00:29 +00:00
.clang-format intel: add Jay 2026-04-10 18:21:21 +00:00
meson.build gallium/dril: Don't use gbm if there is no gbm configured 2026-02-17 08:24:02 +00:00