From 565aa69970ccb0e92c9d5773c43d9b49e7bdb8e4 Mon Sep 17 00:00:00 2001
From: Kenneth Graunke
Date: Sat, 13 Feb 2016 16:58:35 -0800
Subject: glsl: Fix overflow of ImageAccess[] array.
The ImageAccess array is statically sized to MAX_IMAGE_UNIFORMS:
GLenum ImageAccess[MAX_IMAGE_UNIFORMS];
There was no bounds checking ensuring we don't overflow. Passing in a shader with too many uniforms would cause writes to extend into other fields, such as sh->NumImages.
Later linker checks already handle reporting an error when there are too many images, so just avoid corrupting structures here.
This rearranges the logic a bit to look more like the sampler case.
Signed-off-by: Kenneth Graunke
Reviewed-by: Ilia Mirkin
Reviewed-by: Timothy Arceri
Reviewed-by: Jordan Justen
Tested-by: Jordan Justen
---
 src/compiler/glsl/link_uniforms.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'src/compiler/glsl/link_uniforms.cpp')
diff --git a/src/compiler/glsl/link_uniforms.cpp b/src/compiler/glsl/link_uniforms.cpp
index 7072c16..d18a2f2 100644
--- a/src/compiler/glsl/link_uniforms.cpp
+++ b/src/compiler/glsl/link_uniforms.cpp
@@ -649,15 +649,15 @@ private:
 current_var->data.image_write_only ? GL_WRITE_ONLY : GL_READ_WRITE);
- for (unsigned j = 0; j < MAX2(1, uniform->array_elements); ++j)
- prog->_LinkedShaders[shader_type]->
- ImageAccess[this->next_image + j] = access;
+ const unsigned first = this->next_image;
 /* Increment the image index by 1 for non-arrays and by the
  * number of array elements for arrays.
  */
 this->next_image += MAX2(1, uniform->array_elements);
+ for (unsigned i = first; i < MIN2(next_image, MAX_IMAGE_UNIFORMS); i++)
+ prog->_LinkedShaders[shader_type]->ImageAccess[i] = access;
 }
 }
-- cgit v1.1
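Review bot: The clamp in the new loop, `i < MIN2(next_image, MAX_IMAGE_UNIFORMS)`, silently drops every entry past the end of `ImageAccess[]`, and nothing at this site says where the over-limit case is reported. The commit message says later linker checks do this, so I would record that above the loop, e.g. `/* Clamp to the size of ImageAccess[]; exceeding MAX_IMAGE_UNIFORMS is reported by later linker checks. */`. `this->next_image` itself still advances past `MAX_IMAGE_UNIFORMS`, so any other place that uses it as an index (none is visible in this hunk) would need the same bound. The loop condition also reads `next_image` unqualified where the surrounding lines write `this->next_image`; using one form keeps the block consistent. The enclosing function starts and ends outside the hunk.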