From c889df3fbed64be8669d21e3d3c5d6db913255da Mon Sep 17 00:00:00 2001
From: Matt Turner <mattst88@gmail.com>
Date: Fri, 12 Jul 2013 11:05:38 -0700
Subject: [PATCH] glsl: Reject C-style initializers with unknown types.

_mesa_ast_set_aggregate_type walks through declarations initialized with
C-style aggregate initializers and stops when it runs out of LHS
declarations or RHS expressions.

In the example

   vec4 v = {{{1, 2, 3, 4}}};

_mesa_ast_set_aggregate_type would not recurse into the subexpressions
(since vec4s do not contain types that can be initialized with an
aggregate initializer) to set their <constructor_type>s. Later in ::hir
we would dereference the NULL pointer and segfault.

If <constructor_type> is NULL in ::hir we know that the LHS and RHS
were unbalanced and the code is illegal.

Arrays, structs, and matrices were unaffected.

Reviewed-by: Kenneth Graunke <kenneth@whitecape.org>
Reviewed-by: Chris Forbes <chrisf@ijw.co.nz>
---
 src/glsl/ast_function.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/glsl/ast_function.cpp b/src/glsl/ast_function.cpp
index 3918263..e34c1dd 100644
--- a/src/glsl/ast_function.cpp
+++ b/src/glsl/ast_function.cpp
@@ -1707,6 +1707,11 @@ ast_aggregate_initializer::hir(exec_list *instructions,
    void *ctx = state;
    YYLTYPE loc = this->get_location();
    const char *name;
+
+   if (!this->constructor_type) {
+      _mesa_glsl_error(&loc, state, "type of C-style initializer unknown");
+      return ir_rvalue::error_value(ctx);
+   }
    const glsl_type *const constructor_type =
       this->constructor_type->glsl_type(&name, state);
 
-- 
2.7.4