Bug 32695

Summary: [glsl] SIGSEGV glcpp/glcpp-parse.y:833
Product: Mesa
Reporter: Vinson Lee <vlee>
Component: glsl-compiler
Assignee: Ian Romanick <idr>
Status: CLOSED FIXED
QA Contact:
Severity: critical
Priority: medium
CC: chadversary, idr, kenneth
Version: 7.10
Hardware: All
OS: All
Whiteboard:
i915 platform:
i915 features:

Description Vinson Lee 2010-12-27 23:33:12 UTC
mesa: f3319561a476bd806005551251dbc6a37f266e03 (master)

GLSL code that has a redefinition with a valueless macro triggers a segmentation fault in the preprocessor.

Two test cases were committed as 092-redefine-macro-error-2.c.

mesa/src/glsl/glcpp/tests/092-redefine-macro-error-2.c
#define A
#define A 1

#define B 1
#define B

$ cd mesa/src/glsl/glcpp/tests
$ ./glcpp 092-redefine-macro-error-2.c

(gdb) bt
#0  0x080502fb in _token_list_equal_ignoring_space (a=0x8a4fa78, b=0x0)
    at glcpp/glcpp-parse.y:833
#1  0x08051905 in _macro_equal (a=0x8a4faf8, b=0x8a4f918) at glcpp/glcpp-parse.y:1640
#2  0x080519db in _define_object_macro (parser=0x8a3f0e0, loc=0xbfd464d0, 
    identifier=0x8a4f9b0 "A", replacements=0x8a4fa78) at glcpp/glcpp-parse.y:1664
#3  0x0804e064 in yyparse (parser=0x8a3f0e0) at glcpp/glcpp-parse.y:217
#4  0x08050d40 in glcpp_parser_parse (parser=0x8a3f0e0) at glcpp/glcpp-parse.y:1118
#5  0x0805245f in preprocess (talloc_ctx=0x8a3d038, shader=0xbfd47e1c, info_log=0xbfd47e20, 
    extensions=0x0, api=0) at glcpp/pp.c:154
#6  0x080527c4 in main (argc=2, argv=0xbfd47ef4) at glcpp/glcpp.c:123
(gdb) frame 0
#0  0x080502fb in _token_list_equal_ignoring_space (a=0x8a4fa78, b=0x0)
    at glcpp/glcpp-parse.y:833
833		node_b = b->head;
Comment 1 Chad Versace 2011-01-10 17:29:39 UTC
I just pushed the fix for this.

commit 4fff52f1c973f2f284c142fbb31536a9656767c9
Author: Chad Versace <chad.versace@intel.com>
Date:   Mon Jan 10 16:55:17 2011 -0800

    glcpp: Fix segfault when validating macro redefinitions
    
    In _token_list_equal_ignoring_space(token_list_t*, token_list_t*), add
    a guard that prevents dereferencing a null token list.
    
    This fixes test src/glsl/glcpp/tests/092-redefine-macro-error-2.c and
    Bugzilla #32695.
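
The guard described in the commit message above, sketched as an added example that is not part of the bug thread and is not Mesa's code. The list types and the functions `tokenize`, `lists_equal` and `same_definition` are hypothetical names, and whitespace handling is simplified to plain token splitting.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified token list; not Mesa's token_list_t. */
typedef struct node { char *text; struct node *next; } node_t;
typedef struct { node_t *head, *tail; } list_t;

/* Split a macro body into whitespace-separated tokens. A valueless macro
 * ("#define A") yields NULL, the same shape as b=0x0 in the backtrace. */
static list_t *tokenize(const char *body)
{
    list_t *l = NULL;
    while (body && *body) {
        size_t n = 0;
        if (isspace((unsigned char)*body)) { body++; continue; }
        while (body[n] && !isspace((unsigned char)body[n]))
            n++;
        node_t *t = calloc(1, sizeof *t);
        if (!l) l = calloc(1, sizeof *l);
        if (!t || !l || !(t->text = calloc(n + 1, 1))) abort();
        memcpy(t->text, body, n);
        if (l->tail) l->tail->next = t; else l->head = t;
        l->tail = t;
        body += n;
    }
    return l;
}

/* Returns 1 when both lists hold the same tokens in the same order. */
static int lists_equal(const list_t *a, const list_t *b)
{
    /* Guard: an absent list equals only another absent list. Without it,
     * b->head below is a null dereference when one macro has no body. */
    if (a == NULL || b == NULL)
        return a == b;
    const node_t *x = a->head, *y = b->head;
    for (; x && y; x = x->next, y = y->next)
        if (strcmp(x->text, y->text) != 0)
            return 0;
    return x == NULL && y == NULL;
}

/* 1 = identical redefinition (accepted), 0 = conflicting redefinition.
 * Lists are not freed; this sketch is meant for a short-lived run. */
int same_definition(const char *old_body, const char *new_body)
{
    return lists_equal(tokenize(old_body), tokenize(new_body));
}
```

Both pairs from 092-redefine-macro-error-2.c reach the guard with one NULL list and come back as conflicting redefinitions instead of crashing.
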
Comment 2 Ian Romanick 2011-01-10 17:43:13 UTC
Leave open until the fix is cherry picked back to the stable branch(es).
Comment 3 Chad Versace 2011-01-10 18:30:50 UTC
(In reply to comment #2)
> Leave open until the fix is cherry picked back to the stable branch(es).

Apologies, I am still learning proper Bugzilla protocol.

Since I have already pushed a fix for this patch [and I don't think it's a candidate for reversion ;-) ], should I assign the bug to myself?
Comment 4 Ian Romanick 2011-01-25 17:35:18 UTC
Fixed by 8d1e0de5f7344e7ab86fa34540e4b52f039fe1de (7.9.1) and c2b721bc0e83bc6c43fd9a2f52185b7772346975 (7.10).
Comment 5 Vinson Lee 2011-03-26 16:49:52 UTC
mesa: 56ef62d9885f805bbfb2243dc860ff425d5b4d3b (master)

Verified fixed.
