and add assertions to prevent buffer overflow. This fixes corruption of the r600_shader struct.
NOTE: This is a candidate for the stable branches.
---
 src/gallium/drivers/r600/r600_shader.c | 2 ++
 src/gallium/drivers/r600/r600_shader.h | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/gallium/drivers/r600/r600_shader.c b/src/gallium/drivers/r600/r600_shader.c
index fd3fe39..baa39ab 100644
--- a/src/gallium/drivers/r600/r600_shader.c
+++ b/src/gallium/drivers/r600/r600_shader.c
@@ -940,6 +940,7 @@ static int tgsi_declaration(struct r600_shader_ctx *ctx)
 switch (d->Declaration.File) {
 case TGSI_FILE_INPUT:
 i = ctx->shader->ninput;
+ assert(i < Elements(ctx->shader->input));
 ctx->shader->ninput += count;
 ctx->shader->input[i].name = d->Semantic.Name;
 ctx->shader->input[i].sid = d->Semantic.Index;
@@ -971,6 +972,7 @@ static int tgsi_declaration(struct r600_shader_ctx *ctx)
 break;
 case TGSI_FILE_OUTPUT:
 i = ctx->shader->noutput++;
+ assert(i < Elements(ctx->shader->output));
 ctx->shader->output[i].name = d->Semantic.Name;
 ctx->shader->output[i].sid = d->Semantic.Index;
 ctx->shader->output[i].gpr = ctx->file_offset[TGSI_FILE_OUTPUT] + d->Range.First;
diff --git a/src/gallium/drivers/r600/r600_shader.h b/src/gallium/drivers/r600/r600_shader.h
index 411667a..d989ce4 100644
--- a/src/gallium/drivers/r600/r600_shader.h
+++ b/src/gallium/drivers/r600/r600_shader.h
@@ -45,8 +45,8 @@ struct r600_shader {
 unsigned ninput;
 unsigned noutput;
 unsigned nlds;
- struct r600_shader_io input[32];
- struct r600_shader_io output[32];
+ struct r600_shader_io input[40];
+ struct r600_shader_io output[40];
 boolean uses_kill;
 boolean fs_write_all;
 boolean two_side;
-- 
1.7.10.4
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev
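Review bot: The added `assert(i < Elements(ctx->shader->input));` checks only the first slot, while the next line advances `ninput` by `count`, so a declaration covering several registers can leave `ninput` past the array even when the assert holds. Because `assert` is compiled out under NDEBUG, release builds get no bounds check here or at the matching `assert` in the TGSI_FILE_OUTPUT hunk, where `noutput` has already been post-incremented by the time the check runs. Since `tgsi_declaration` returns int, a runtime check that fails the translation would hold in every build, for example `if (i + count > Elements(ctx->shader->input)) return -EINVAL;` placed before `ninput` is updated, with the equivalent test on `noutput` before its increment. Both case bodies continue outside the hunks, so whether slots beyond `input[i]` are written there cannot be confirmed from this view.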
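Review bot: The new size `40` is a bare literal repeated on `input[]` and `output[]`, with nothing recording which limit it is derived from, so a later increase in the number of declarable inputs or outputs could reintroduce the struct corruption this patch fixes. A single named constant with a comment on its origin, e.g. `#define R600_MAX_SHADER_IO 40` (the name is only a suggestion), used for both arrays would keep the struct layout and the bounds checks in r600_shader.c tied to one value. The struct definition continues outside the hunk.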