From 3c10a2726bcf686f03e31e79e40786e3894ff063 Mon Sep 17 00:00:00 2001 From: Kenneth Graunke Date: Fri, 7 Jun 2019 23:00:40 -0700 Subject: [PATCH] glsl: Fix out of bounds read in shader_cache_read_program_metadata The VaryingNames array has NumVaryings entries. But BufferStride is a small array of MAX_FEEDBACK_BUFFERS (4) entries. Programs with more than 4 varyings would read out of bounds. Also, BufferStride is set based on the shader itself, which means that it's inherently already included in the hash, and doesn't need to be included again. At the point when shader_cache_read_program_metadata is called, the linker hasn't even set those fields yet. So, just drop it entirely. Fixes valgrind errors in KHR-GL45.transform_feedback.linking_errors_test. Fixes: 6d830940f78 glsl/shader_cache: Allow shader cache usage with transform feedback Reviewed-by: Timothy Arceri --- src/compiler/glsl/shader_cache.cpp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/compiler/glsl/shader_cache.cpp b/src/compiler/glsl/shader_cache.cpp index 581098b..9704904 100644 --- a/src/compiler/glsl/shader_cache.cpp +++ b/src/compiler/glsl/shader_cache.cpp @@ -165,9 +165,8 @@ shader_cache_read_program_metadata(struct gl_context *ctx, prog->FragDataIndexBindings->iterate(create_binding_str, &buf); ralloc_asprintf_append(&buf, "tf: %d ", prog->TransformFeedback.BufferMode); for (unsigned int i = 0; i < prog->TransformFeedback.NumVarying; i++) { - ralloc_asprintf_append(&buf, "%s:%d ", - prog->TransformFeedback.VaryingNames[i], - prog->TransformFeedback.BufferStride[i]); + ralloc_asprintf_append(&buf, "%s ", + prog->TransformFeedback.VaryingNames[i]); } /* SSO has an effect on the linked program so include this when generating -- 2.7.4