https://bugs.freedesktop.org/show_bug.cgi?id=29823
Summary: GetUniform[if]v busted
Product: Mesa
Version: unspecified
Platform: Other
OS/Version: All
Status: NEW
Severity: critical
Priority: medium
Component: Mesa core
AssignedTo: mesa-dev@lists.freedesktop.org
ReportedBy: vladi...@pobox.com
(Mesa 7.8.2, reproduced in 7.7.x as well.)
Given a shader that includes a uniform such as:
uniform float u_array[4];
void main()
{
... something that uses u_array[0..3];
}
glGetUniformfv with the location of "u_array" or "u_array[0]" (they're
identical locations, as per the spec) does something very strange that ends up
scribbling the stack. For that uniform, the gl_program_parameter struct looks
like:
Name: "u_array"
Type: PROGRAM_UNIFORM
DataType: 0x1406
Size: 0x10
Used: 0x01
Initialized: 0x01
Flags: 0
The Size of 0x10 seems to have somehow ended up as the size in bytes of the
uniform storage. This causes a problem in get_uniform_rows_cols, where it
does:
if (p->Size <= 4) {
*rows = 1;
*cols = p->Size;
} else {
*rows = p->Size / 4 + 1;
if (p->Size % 4 == 0)
*cols = 4;
else
*cols = p->Size % 4;
}
We end up with rows = 5 and cols = 4, which causes _mesa_get_uniformfv to
attempt to write 4*5 values, which is invalid.
I'm not sure where the bogus Size = 16 is coming from...
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev
