The piglit test glsl-fs-uniform-array-loop-unroll.shader_test was designed to do an out of bounds access into an uniform array to make sure that we handle that situation gracefully inside the driver, however, as Ken describes in bug 79202, Valgrind reports that this is leading to an out-of-bounds access in fs_visitor::demote_pull_constants().
Before accessing the pull_constant_loc array we should make sure that the uniform we are trying to access is valid. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=79202 --- src/mesa/drivers/dri/i965/brw_fs.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/mesa/drivers/dri/i965/brw_fs.cpp b/src/mesa/drivers/dri/i965/brw_fs.cpp index 89754ad..6d7cf0e 100644 --- a/src/mesa/drivers/dri/i965/brw_fs.cpp +++ b/src/mesa/drivers/dri/i965/brw_fs.cpp @@ -2281,8 +2281,13 @@ fs_visitor::demote_pull_constants() if (inst->src[i].file != UNIFORM) continue; - int pull_index = pull_constant_loc[inst->src[i].reg + - inst->src[i].reg_offset]; + int pull_index; + unsigned location = inst->src[i].reg + inst->src[i].reg_offset; + if (location >= uniforms) /* Out of bounds access */ + pull_index = -1; + else + pull_index = pull_constant_loc[location]; + if (pull_index == -1) continue; -- 1.9.1 _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/mesa-dev
