From c87cb98bb4e893e04831bf68231f5ed42e0b5b6f Mon Sep 17 00:00:00 2001 From: Kenneth Graunke Date: Thu, 8 Dec 2011 01:35:48 -0800 Subject: [PATCH] glsl: Fix crashes caused by Bison error messages involving "'%'". Invalid shaders containing the character % at an unexpected location would cause Bison to call yyerror with a message of: syntax error, unexpected '%' Bison expects yyerror() to take a string, while _mesa_glsl_error() is a printf-style function. This hit the classic printf string escape issue: _mesa_glsl_error(loc, state, "unexpected '%'"); // invalid! _mesa_glsl_error(loc, state, "%s", "unexpected '%'"); // correct. This caused assertion failures after ralloc_asprintf_append called vsnprintf to determine the length of the text that would be printed: vsnprintf would see the invalid format and return -1, an invalid length. The solution is to define a proper yyerror() wrapper function that calls _mesa_glsl_error with the "%s". Since we compile with -p "_mesa_glsl", yyerror is defined as: #define yyerror _mesa_glsl_error So we have to #undef yyerror in order to be able to declare it. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=43564 Signed-off-by: Kenneth Graunke Reviewed-by: Ian Romanick Acked-by: Paul Berry --- src/glsl/glsl_parser.yy | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/glsl/glsl_parser.yy b/src/glsl/glsl_parser.yy index 71ab039..8a0377f 100644 --- a/src/glsl/glsl_parser.yy +++ b/src/glsl/glsl_parser.yy @@ -32,6 +32,12 @@ #define YYLEX_PARAM state->scanner +#undef yyerror + +static void yyerror(YYLTYPE *loc, _mesa_glsl_parse_state *st, const char *msg) +{ + _mesa_glsl_error(loc, st, "%s", msg); +} %} %pure-parser -- 2.7.4
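Review bot: The "#undef yyerror" at the top of the added block has no comment in glsl_parser.yy, so the reason for it (the -p "_mesa_glsl" prefix turning yyerror into _mesa_glsl_error) is recorded only in the commit message. A one-line comment above it, and one on the wrapper saying that msg is Bison-generated text that must never be used as a format string, would keep a later cleanup from removing the wrapper and reintroducing the crash. The wrapper only covers the Bison path, and the assertion after vsnprintf returns -1 is still reachable from any other caller that passes a non-literal string as the format, so it is worth confirming that _mesa_glsl_error is declared with a printf format attribute so the compiler can flag such calls.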