Module: Mesa
Branch: staging/21.0
Commit: d30cea2b9ba8e3fc81a1d9c5bede0a90688a9783
URL:    
http://cgit.freedesktop.org/mesa/mesa/commit/?id=d30cea2b9ba8e3fc81a1d9c5bede0a90688a9783

Author: Erik Faye-Lund <[email protected]>
Date:   Mon Mar 29 13:21:47 2021 +0200

compiler/glsl: avoid null-pointer deref

When we encounter a bindless image here, lower_deref returns a
NULL-pointer, and calling record_images_used will try to dereference
that NULL-pointer.

So let's dig out the var from the source instruction instead of the
result of the lowering.

Fixes: 5910c938a29 ("nir/glsl: gather bitmask of images used by program")
Reviewed-by: Tapani Pälli <[email protected]>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/9895>
(cherry picked from commit 89a04a54c41b1ffd3f6699273bf1486afa37b96c)

---

 .pick_status.json                                  | 2 +-
 src/compiler/glsl/gl_nir_lower_samplers_as_deref.c | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/.pick_status.json b/.pick_status.json
index b2b003361ee..d7194d7e1f6 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -22,7 +22,7 @@
         "description": "compiler/glsl: avoid null-pointer deref",
         "nominated": true,
         "nomination_type": 1,
-        "resolution": 0,
+        "resolution": 1,
         "master_sha": null,
         "because_sha": "5910c938a293c03337911ca3c067b4ecf4b406ee"
     },
diff --git a/src/compiler/glsl/gl_nir_lower_samplers_as_deref.c 
b/src/compiler/glsl/gl_nir_lower_samplers_as_deref.c
index 384f4a4d284..1c9baf92e23 100644
--- a/src/compiler/glsl/gl_nir_lower_samplers_as_deref.c
+++ b/src/compiler/glsl/gl_nir_lower_samplers_as_deref.c
@@ -120,9 +120,10 @@ remove_struct_derefs_prep(nir_deref_instr **p, char **name,
 
 static void
 record_images_used(struct shader_info *info,
-                   nir_deref_instr *deref)
+                   nir_intrinsic_instr *instr)
 {
-   nir_variable *var = nir_deref_instr_get_variable(deref);
+   nir_variable *var =
+      nir_deref_instr_get_variable(nir_src_as_deref(instr->src[0]));
 
    /* Structs have been lowered already, so get_aoa_size is sufficient. */
    const unsigned size =
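Review bot: The context comment `/* Structs have been lowered already, so get_aoa_size is sufficient. */` may no longer hold, because `var` is now taken from `instr->src[0]`, the deref as it was before lowering, rather than from the result of `lower_deref`. If an image sits inside a struct and `lower_deref` creates a new variable instead of updating the source one in place (not visible in this hunk), `var->type` and `var->data.binding` here would describe the pre-lowering variable and the recorded range could differ from what the lowered variable uses. Separately, `nir_deref_instr_get_variable` returns NULL for a chain that ends in a cast rather than a variable, so an `assert(var);` right after the lookup would state the assumption the following `var->type` access relies on. The rest of `record_images_used` lies outside the hunk.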
@@ -302,7 +303,7 @@ lower_intrinsic(nir_intrinsic_instr *instr,
       nir_deref_instr *deref =
          lower_deref(b, state, nir_src_as_deref(instr->src[0]));
 
-      record_images_used(&state->shader->info, deref);
+      record_images_used(&state->shader->info, instr);
 
       /* don't lower bindless: */
       if (!deref)
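Review bot: `record_images_used(&state->shader->info, instr);` still runs before the `if (!deref)` bindless check, so bindless images no longer crash but are now recorded in the images-used bitmask with whatever binding the source variable carries. If bindless images are not meant to occupy a slot in that bitmask, moving the call below the early-out, or guarding it as `if (deref) record_images_used(&state->shader->info, instr);`, would skip them. If recording them is intended, a short comment such as `/* also records bindless images; binding taken from the source var */` would make that explicit. The body of the `if (!deref)` branch and the rest of `lower_intrinsic` are outside the hunk.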
