On 05/26/2016 09:25 AM, Rob Clark wrote:
From: Rob Clark <robcl...@freedesktop.org>CID 1271532 (#1 of 1): Out-of-bounds read (OVERRUN)34. overrun-local: Overrunning array of 2 16-byte elements at element index 2 (byte offset 32) by dereferencing pointer &inst.Dst[i]. Signed-off-by: Rob Clark <robcl...@freedesktop.org> --- src/gallium/auxiliary/tgsi/tgsi_text.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/gallium/auxiliary/tgsi/tgsi_text.c b/src/gallium/auxiliary/tgsi/tgsi_text.c index 955d042..8bdec06 100644 --- a/src/gallium/auxiliary/tgsi/tgsi_text.c +++ b/src/gallium/auxiliary/tgsi/tgsi_text.c @@ -1081,6 +1081,9 @@ parse_instruction( inst.Memory.Qualifier = 0; } + assume(info->num_dst <= TGSI_FULL_MAX_DST_REGISTERS); + assume(info->num_src <= TGSI_FULL_MAX_SRC_REGISTERS); + /* Parse instruction operands. */ for (i = 0; i < info->num_dst + info->num_src + info->is_tex; i++) {
For both, Reviewed-by: Brian Paul <bri...@vmware.com> Should the first be cc'd for stable? _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/mesa-dev
