Re: [Mesa-dev] [PATCH] i965: Do not dereference NULL brw_shader pointer when debugging

Fri, 09 Oct 2015 01:04:15 -0700 

On Fri, 2015-10-09 at 08:36 +0100, Chris Wilson wrote:
> On Fri, Oct 09, 2015 at 08:09:20AM +0200, Iago Toral Quiroga wrote:
> > For the VS and FS stages that use ARB_vertex_program or
> > ARB_fragment_program we don't have a shader program, however,
> > when debuging is enabled, we call brw_dump_ir like this:
> > 
> > brw_dump_ir("vertex", prog, &vs->base, &vp->program.Base);
> > 
> > which unconditionally dereferences vs, producing a NULL pointer
> > dereference in the situation explained above, as observed in this
> > gdb session for glxgears right before we call brw_dump_ir:
> > 
> > prog=0x0, vp=0x960f50, key=0x7fffffffc940) at brw_vs.c:174
> > 
> > (gdb) p vs
> > $7 = (struct brw_shader *) 0x0
> > (gdb) p vp
> > $8 = (struct brw_vertex_program *) 0x960f50
> > ---
> >  src/mesa/drivers/dri/i965/brw_vs.c | 2 +-
> >  src/mesa/drivers/dri/i965/brw_wm.c | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/src/mesa/drivers/dri/i965/brw_vs.c 
> > b/src/mesa/drivers/dri/i965/brw_vs.c
> > index 38de98f..60fb5fa 100644
> > --- a/src/mesa/drivers/dri/i965/brw_vs.c
> > +++ b/src/mesa/drivers/dri/i965/brw_vs.c
> > @@ -171,7 +171,7 @@ brw_codegen_vs_prog(struct brw_context *brw,
> >     }
> >  
> >     if (unlikely(INTEL_DEBUG & DEBUG_VS))
> > -      brw_dump_ir("vertex", prog, &vs->base, &vp->program.Base);
> > +      brw_dump_ir("vertex", prog, vs ? &vs->base : NULL, 
> > &vp->program.Base);
> 
> The key question is NULL + 0 a nullptr? There's no actual dereference
> here but calculation of a relative address.

Yes, that's a good point and explains why this does not crash. I still
think this is not very safe to be honest, we are implicitly relying on
base being the first member of brw_shader so its offset is 0 and the
resulting math returns a 0x0 address... I think patching this is
harmless and eliminates a potential problem in the future (even if we
can agree that the chances of this actually leading to such situation
are very slim).

Iago

_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev

Reply via email to