gallium/tgsi: fix oob access in parse instruction

When parsing texture instruction, it doesn't stop if the
'cur' is ',', the loop variable 'i' will also be increased
and be used to index the 'inst.TexOffsets' array. This can lead
an oob access issue. This patch avoid this.

Signed-off-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
macos/master
Li Qiang 8 years ago committed by Dave Airlie
parent e534b51ca3
commit 28894a30a1
  1. 2
      src/gallium/auxiliary/tgsi/tgsi_text.c

@ -1097,7 +1097,7 @@ parse_instruction(
cur = ctx->cur; cur = ctx->cur;
eat_opt_white( &cur ); eat_opt_white( &cur );
for (i = 0; inst.Instruction.Texture && *cur == ','; i++) { for (i = 0; inst.Instruction.Texture && *cur == ',' && i < TGSI_FULL_MAX_TEX_OFFSETS; i++) {
cur++; cur++;
eat_opt_white( &cur ); eat_opt_white( &cur );
ctx->cur = cur; ctx->cur = cur;

Loading…
Cancel
Save