Re: [Mesa-dev] [PATCH] gallium/tgsi: fix oob access in parse instruction

2017-02-06 Thread Li Qiang
Hello, Ping! 2017-01-23 15:44 GMT+08:00 Li Qiang <liq...@gmail.com>: > When parsing texture instruction, it doesn't stop if the > 'cur' is ',', the loop variable 'i' will also be increased > and be used to index the 'inst.TexOffsets' array. This can lead > to an oob access issue

[Mesa-dev] [PATCH] gallium/tgsi: fix memory leak in tgsi sanity check

2017-01-23 Thread Li Qiang
Fix the leak of some ctx fields in error path. Signed-off-by: Li Qiang <liq...@gmail.com> --- src/gallium/auxiliary/tgsi/tgsi_sanity.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/gallium/auxiliary/tgsi/tgsi_sanity.c b/src/gallium/auxiliary/tgsi/tgsi_sa

[Mesa-dev] [PATCH] gallium/tgsi: fix oob access in parse instruction

2017-01-23 Thread Li Qiang
When parsing texture instruction, it doesn't stop if the 'cur' is ',', the loop variable 'i' will also be increased and be used to index the 'inst.TexOffsets' array. This can lead to an oob access issue. This patch avoids this. Signed-off-by: Li Qiang <liq...@gmail.com> --- src/gallium/aux

Re: [Mesa-dev] [PATCH] gallium/tgsi: fix oob access in parse instruction

2017-01-23 Thread Li Qiang
.TexOffsets' array. This can lead > > to an oob access issue. This patch avoids this. > > > > Signed-off-by: Li Qiang <liq...@gmail.com> > > --- > > src/gallium/auxiliary/tgsi/tgsi_text.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > &g

[Mesa-dev] [PATCH v2] gallium/tgsi: fix memory leak in tgsi sanity check

2017-01-24 Thread Li Qiang
Fix the leak of some ctx fields in error path. Suggested-by: Marc-André Lureau <mlur...@redhat.com> Signed-off-by: Li Qiang <liq...@gmail.com> --- src/gallium/auxiliary/tgsi/tgsi_sanity.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/gallium/au

[Mesa-dev] [PATCH v3] gallium/tgsi: fix overflow in parse property

2017-01-10 Thread Li Qiang
In parse_identifier, it doesn't stop copying '*pcur' until encountering the NULL. As the 'ret' has a fixed-size buffer, if the '*pcur' has a long string, there will be a buffer overflow. This patch avoids this. Signed-off-by: Li Qiang <liq...@gmail.com> --- src/gallium/auxiliary/tgsi/tgsi_

[Mesa-dev] [PATCH] gallium/tgsi: fix overflow in parse property

2017-01-09 Thread Li Qiang
In parse_identifier, it doesn't stop copying '*pcur' until encountering the NULL. As the 'ret' has a fixed-size buffer, if the '*pcur' has a long string, there will be a buffer overflow. This patch avoids this. Signed-off-by: Li Qiang <liq...@gmail.com> --- src/gallium/auxiliary/tgsi/tgsi_

[Mesa-dev] [PATCH v2] gallium/tgsi: fix overflow in parse property

2017-01-09 Thread Li Qiang
In parse_identifier, it doesn't stop copying '*pcur' until encountering the NULL. As the 'ret' has a fixed-size buffer, if the '*pcur' has a long string, there will be a buffer overflow. This patch avoids this. Signed-off-by: Li Qiang <liq...@gmail.com> --- src/gallium/auxiliary/tgsi/tgsi_