From 28a6e45a0f88f8ebc93a49799379ed1e6b9ab1ff Mon Sep 17 00:00:00 2001
From: Filip Gawin
Date: Tue, 12 Oct 2021 19:22:26 +0200
Subject: [PATCH] nir: avoiding reading unitialized memory when using nir_dest_copy Deeper in chain of calls, function "src_has_indirect" is used (which reads "is_ssa" and "reg.indirect").
Fixes: d1eae6f36be6 ("nir: Properly clean up nir_src/dest indirects")
Reviewed-by: Emma Anholt
Reviewed-by: Alyssa Rosenzweig
Reviewed-by: Jason Ekstrand
Part-of:
---
 src/compiler/nir/nir.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/compiler/nir/nir.c b/src/compiler/nir/nir.c
index 404dcd0..4451089 100644
--- a/src/compiler/nir/nir.c
+++ b/src/compiler/nir/nir.c
@@ -376,7 +376,7 @@ void nir_src_copy(nir_src *dest, const nir_src *src)
 dest->reg.base_offset = src->reg.base_offset;
 dest->reg.reg = src->reg.reg;
 if (src->reg.indirect) {
- dest->reg.indirect = malloc(sizeof(nir_src));
+ dest->reg.indirect = calloc(1, sizeof(nir_src));
 nir_src_copy(dest->reg.indirect, src->reg.indirect);
 } else {
 dest->reg.indirect = NULL;
@@ -396,7 +396,7 @@ void nir_dest_copy(nir_dest *dest, const nir_dest *src)
 dest->reg.base_offset = src->reg.base_offset;
 dest->reg.reg = src->reg.reg;
 if (src->reg.indirect) {
- dest->reg.indirect = malloc(sizeof(nir_src));
+ dest->reg.indirect = calloc(1, sizeof(nir_src));
 nir_src_copy(dest->reg.indirect, src->reg.indirect);
 } else {
 dest->reg.indirect = NULL;
-- 
2.7.4
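Review bot: The pointer returned by `calloc(1, sizeof(nir_src))` goes straight into `nir_src_copy(dest->reg.indirect, src->reg.indirect)` without a NULL check, in this hunk and in the nir_dest_copy hunk. Zeroing removes the uninitialized read of `is_ssa` and `reg.indirect` that the commit message describes, but a failed allocation still becomes a NULL write inside the recursive copy. If the project's policy is to abort on allocation failure, make that explicit at both sites (an `assert(dest->reg.indirect);` would do, assuming assert is available in this file); otherwise the failure needs a defined path. The zeroing is also load-bearing, so a comment such as `/* must be zeroed: nir_src_copy inspects the old is_ssa/reg.indirect of its destination */` would keep a later cleanup from reverting to malloc, and `sizeof(*dest->reg.indirect)` would tie the size to the pointee type. Both function bodies start and end outside the hunks, so the surrounding branches were not reviewed.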