Module: Mesa Branch: main Commit: 4eabd6586b4b50d3a6938387426a68479e9710de URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=4eabd6586b4b50d3a6938387426a68479e9710de
Author: Alyssa Rosenzweig <[email protected]> Date: Sun Feb 26 19:15:48 2023 -0500 nir/lower_blend: Don't dereference null If a dual source blend colour is never written, src1 will be null and it will be invalid to dereference it. src1 is dereferenced both for the f2fN instruction but also if a dual blend factor is used... even if the latter isn't strictly valid, segfaulting in the NIR pass seems a lot meaner than blending with zero. The referenced commit hosed Asahi, causing anything that used blending to crash. Panfrost is unaffected since it always supplies a dual colour due to our crude construction of blend shaders. Fixes: 83130165437 ("nir/lower_blend: Consume dual stores") Signed-off-by: Alyssa Rosenzweig <[email protected]> Reviewed-by: Faith Ekstrand <[email protected]> Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/21544> --- src/compiler/nir/nir_lower_blend.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/compiler/nir/nir_lower_blend.c b/src/compiler/nir/nir_lower_blend.c index d80241aafb7..9a5ade4047c 100644 --- a/src/compiler/nir/nir_lower_blend.c +++ b/src/compiler/nir/nir_lower_blend.c @@ -357,6 +357,12 @@ nir_blend( unsigned rt, nir_ssa_def *src, nir_ssa_def *src1, nir_ssa_def *dst) { + /* Don't crash if src1 isn't written. It doesn't matter what dual colour we + * blend with in that case, as long as we don't dereference NULL. + */ + if (!src1) + src1 = nir_imm_zero(b, 4, src->bit_size); + /* Grab the blend constant ahead of time */ nir_ssa_def *bconst; if (options->scalar_blend_const) {
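Review bot: The fallback at the top of nir_blend() hardcodes a 4-component zero (`nir_imm_zero(b, 4, src->bit_size)`) while taking only the bit size from src. If src can ever have fewer than four components here, src1 and src will disagree in width, so either use `src->num_components` or say in the comment why 4 is always correct at this point. The new comment also says the dual colour "doesn't matter", but the commit message notes that a dual blend factor may still be in use when src1 is unwritten. In that case the output is a blend against zero rather than a crash, and the comment should state that this is the deliberate fallback so a later reader does not mistake it for dead code. Because the guard reads `src->bit_size`, it now relies on src being non-NULL before anything else in the function does; an assert on src just above the check would document that assumption.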
