Prevent an out of array bounds access in yagl_glsl_state_pp_condition_parse_add_op() 84/258584/2 accepted/tizen/unified/20210531.130418 submit/tizen/20210526.012442
author Sylwester Nawrocki <s.nawrocki@samsung.com>
Thu, 20 May 2021 15:50:41 +0000 (17:50 +0200)
committer Sylwester Nawrocki <s.nawrocki@samsung.com>
Fri, 21 May 2021 08:50:54 +0000 (10:50 +0200)
While moving higher or equal priority operations to the expression stack in
the yagl_glsl_state_pp_condition_parse_add_op function, the state->pp_ops
array could be accessed with index -1. Reorder the while() expression
to avoid an out-of-array-bounds access. This fixes an issue indicated
by the SVACE warning:

* OVERFLOW_UNDER_CHECK: Buffer 'state->pp_ops' of size 64 accessed at
 yagl_glsl_state.c:640 can overflow, since its index 'state->pp_current_op
 - 1' can have value -1 that is out of range, as indicated by preceding
 conditional expression at yagl_glsl_state.c:640.

  [overflow] overflow at emulator-yagl-1.6/GLESv2/yagl_glsl_state.c:640
  [check: Sub] Sub at emulator-yagl-1.6/GLESv2/yagl_glsl_state.c:640
  [declaration] Shift at emulator-yagl-1.6/GLESv2/yagl_glsl_state.c:640

Change-Id: I2cb6a16ce6c3302f8a2dd4fe92bd8bfbec11c5ca
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
GLESv2/yagl_glsl_state.c

index 2c538357db884cc2fd20b367c7733bf80792e849..c6e9f4897520e2a6e80c2a896ee2a5b404375152 100644 (file)
@@ -637,8 +637,8 @@ void yagl_glsl_state_pp_condition_parse_add_op(struct yagl_glsl_state *state, ya
     }
 
     // move higher or equal priority operations to expression stack
-    while (glsl_pp_op_prio[op] <= glsl_pp_op_prio[state->pp_ops[state->pp_current_op - 1]] &&
-           state->pp_current_op > 0) {
+    while (state->pp_current_op > 0 &&
+           glsl_pp_op_prio[op] <= glsl_pp_op_prio[state->pp_ops[state->pp_current_op - 1]]) {
         assert(state->pp_current_expr < YAGL_GLSL_PP_EXPRESSION_STACK_SIZE);
         state->pp_current_op--;
         state->pp_exprs[state->pp_current_expr].op = state->pp_ops[state->pp_current_op];
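Review bot: the reorder is correct only because `&&` short-circuits, so `state->pp_ops[state->pp_current_op - 1]` is no longer evaluated when `state->pp_current_op` is 0; a one-line comment on the `while` stating that the `state->pp_current_op > 0` test must stay first would keep a later refactor from reintroducing the -1 read. Separately, the neighbouring bounds check on the expression stack, `assert(state->pp_current_expr < YAGL_GLSL_PP_EXPRESSION_STACK_SIZE);`, is compiled out under `NDEBUG`, so in a release build the write to `state->pp_exprs[state->pp_current_expr]` on the last visible line is unguarded; consider replacing the assert with a runtime check that fails the parse, so the expression stack gets the same protection in release builds that this patch gives the operator stack.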