From dafa77201f116dc53b18a274fb41eef5bb2bd0e3 Mon Sep 17 00:00:00 2001 From: Brian Paul Date: Thu, 26 Jul 2012 13:26:17 -0600 Subject: [PATCH] svga: fix invalid memory reference in needs_to_create_zero() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The emit->key.fkey info is only valid if we're generating a fragment shader. We should not look at it if we're generating a vertex shader. When generating a vertex shader, the value of emit->key.fkey.num_textures was garbage and the loop over num_textures would read invalid data. At best this would cause us to emit an unused constant. At worse, we could segfault. Just by dumb luck, fkey.num_textures was usually a smallish integer. NOTE: This is a candidate for the 8.0 branch. Reviewed-by: José Fonseca --- src/gallium/drivers/svga/svga_tgsi_insn.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/gallium/drivers/svga/svga_tgsi_insn.c b/src/gallium/drivers/svga/svga_tgsi_insn.c index ba10fa7..4770816 100644 --- a/src/gallium/drivers/svga/svga_tgsi_insn.c +++ b/src/gallium/drivers/svga/svga_tgsi_insn.c @@ -3126,6 +3126,11 @@ needs_to_create_zero( struct svga_shader_emitter *emit ) emit->key.fkey.tex[i].swizzle_a > PIPE_SWIZZLE_ALPHA) return TRUE; } + + for (i = 0; i < emit->key.fkey.num_textures; i++) { + if (emit->key.fkey.tex[i].compare_mode == PIPE_TEX_COMPARE_R_TO_TEXTURE) + return TRUE; + } } if (emit->unit == PIPE_SHADER_VERTEX) { @@ -3150,11 +3155,6 @@ needs_to_create_zero( struct svga_shader_emitter *emit ) emit->info.opcode_count[TGSI_OPCODE_KILP] >= 1) return TRUE; - for (i = 0; i < emit->key.fkey.num_textures; i++) { - if (emit->key.fkey.tex[i].compare_mode == PIPE_TEX_COMPARE_R_TO_TEXTURE) - return TRUE; - } - return FALSE; } -- 2.7.4