Bug 108012

Summary: Compiler crashes on access of non-existent member incremental operations
Product: Mesa Reporter: Kevin Rogovin <kevin.rogovin>
Component: glsl-compilerAssignee: Tapani Pälli <lemody>
Status: RESOLVED FIXED QA Contact: Intel 3D Bugs Mailing List <intel-3d-bugs>
Severity: normal    
Priority: medium    
Version: git   
Hardware: x86-64 (AMD64)   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: Compiler crashes on incremental of non-existent struct members

Description Kevin Rogovin 2018-09-21 13:02:41 UTC 
Created attachment 141673 [details]
Compiler crashes on incremental of non-existent struct members

Compiler crashes on incremental of non-existent struct members, for example having in GLSL code:

some_struct.foo += 5;

if the type which some_struct is does not contain the member foo. It appears that most (if not all) incremental operator cause a crash in Mesa regardless of the RHS type. All that is needed is that the member of the struct does not exist for Mesa to crash.

Crash appeared on current master (git-ab80889e92) and also on Ubuntu 18.04 Mesa (18.0.5) and likely has been in Mesa for quite some time.
Comment 1 Tapani Pälli 2018-09-25 06:40:13 UTC 
sent a test and a fix proposal ..
Comment 2 Tapani Pälli 2018-10-08 11:27:37 UTC 
commit d1fa69ed61d5aebeb69ce8a415c098035a953d48
Author: Tapani Pälli <tapani.palli@intel.com>
Date:   Tue Sep 25 17:04:40 2018 +0300

    glsl: do not attempt assignment if operand type not parsed correctly
    
    v2: check types of both operands (Ian)
    
    Cc: mesa-stable@lists.freedesktop.org
    Signed-off-by: Tapani Pälli <tapani.palli@intel.com>
    Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=108012

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.