glsl: avoid an out-of-bound access while setting up a location for variable
authorAndrii Simiklit <andrii.simiklit@globallogic.com>
Thu, 29 Oct 2020 15:05:19 +0000 (17:05 +0200)
committerMarge Bot <eric+marge@anholt.net>
Thu, 26 Nov 2020 15:03:23 +0000 (15:03 +0000)
It fixes the following valgrind issue:
==141996== Invalid read of size 4
==141996==    at 0x61F8806: gl_nir_link_uniforms (gl_nir_link_uniforms.c:1788)
==141996==    by 0x60F17AA: gl_nir_link_glsl (gl_nir_linker.c:672)
==141996==    by 0x5C1AEDF: st_link_nir (st_glsl_to_nir.cpp:739)
==141996==    by 0x5C15574: st_link_shader (st_glsl_to_ir.cpp:172)
==141996==    by 0x5C673B0: _mesa_glsl_link_shader (ir_to_mesa.cpp:3117)
==141996==    by 0x5E7B61C: link_program (shaderapi.c:1311)
==141996==    by 0x5E7B61C: link_program_error (shaderapi.c:1419)
==141996==    by 0x5E7CF8A: _mesa_LinkProgram (shaderapi.c:1911)
==141996==    by 0x4923D13: stub_glLinkProgram (piglit-dispatch-gen.c:33956)
==141996==    by 0x1142C0: link_and_use_shaders (shader_runner.c:1636)
==141996==    by 0x1205A6: init_test (shader_runner.c:5347)
==141996==    by 0x121555: piglit_init (shader_runner.c:5725)
==141996==    by 0x4991C84: run_test (piglit_fbo_framework.c:50)

It can be reproduced on `iris` using the following piglit test:
instance-matching-shader-storage-blocks-align-qualifier-mismatch.shader_test

Closes: #3818
Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>
Fixes: 47c35823 ("glsl: fix up location setting for variables pointing to a UBO's base")
Signed-off-by: Mike Blumenkrantz <michael.blumenkrantz@gmail.com>
Signed-off-by: Andrii Simiklit <andrii.simiklit@globallogic.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/7376>

src/compiler/glsl/gl_nir_link_uniforms.c

index f8a6cc8..cd26cb3 100644 (file)
@@ -1776,19 +1776,21 @@ gl_nir_link_uniforms(struct gl_context *ctx,
                      break;
                }
                assert(found);
-            } else
+               var->data.location = location;
+            } else {
                /* this is the base block offset */
-               location = buffer_block_index;
+               var->data.location = buffer_block_index;
+               location = 0;
+            }
             assert(buffer_block_index >= 0);
             const struct gl_uniform_block *const block =
                &blocks[buffer_block_index];
-            assert(location != -1);
+            assert(location >= 0 && location < block->NumUniforms);
 
             const struct gl_uniform_buffer_variable *const ubo_var =
                &block->Uniforms[location];
 
             state.offset = ubo_var->Offset;
-            var->data.location = location;
          }
 
          /* Check if the uniform has been processed already for