Bug 33316

Summary: uniform array will be allocate one line more and initialize it when it was freed will abort
Product: Mesa
Reporter: zhao jian <jian.j.zhao>
Component: Drivers/DRI/i965
Assignee: Ian Romanick <idr>
Status: VERIFIED FIXED
QA Contact:
Severity: major
Priority: medium
Version: 7.10
Hardware: x86 (IA32)
OS: Linux (All)
Whiteboard:
i915 platform:
i915 features:
Attachments: test case patch for test uniform array in piglit.
patch for adding test case for test uniform array in piglit.

Description zhao jian 2011-01-20 19:53:09 UTC
System Environment:
--------------------------
Platform:          Piketon, Pineview
Libdrm:         (master)2.4.23-6-g550fe2ca3b29ad2191eab4fdfbed9ed21e25492d
Mesa:           (7.10)2d22c508c7df3b89c1459d6d5597c57d05b60632
Xserver:                (master)xorg-server-1.9.99.901-118-gc6aa4755ec355101a62bef86dbb090262fe806f6
Xf86_video_intel:               (master)2.14.0-10-g4c4ad555564a80311df1a4b762eb1e119c6d95fb
Kernel: (drm-intel-fixes)4efe070896e1f7373c98a13713e659d1f5dee52a

Bug detailed description:
-------------------------
Start X. Run the test case that tests with uniform arrays and free it after using, then the program will crash. A piglit case was in attachment. 

Reproduce steps:
----------------
1. start X
2. run my piglit case.
Comment 1 zhao jian 2011-01-20 19:57:40 UTC
Ian, I think you can test with my test case written for piglit. If OK, can you help me check in the test case? And also cherry pick the following commit from mesa master to 7.9, 7.10 branch. Thanks. 


commit 2a7380e9c3a040356599a5b7740aa24e067fc1f5
Author: Jian Zhao <jian.j.zhao@intel.com>
Date:   Wed Jan 5 10:41:20 2011 +0800

    mesa: fix an error in uniform arrays in row calculating.

    Fix the error in uniform row calculating, it may alloc one line
    more which may cause out of range on memory usage, sometimes program
    aborted when free the memory.

    NOTE: This is a candidate for 7.9 and 7.10 branches.

    Signed-off-by: Brian Paul <brianp@vmware.com>
Comment 2 zhao jian 2011-01-20 19:58:44 UTC
Created attachment 42253
test case patch for test uniform array in piglit.
Comment 3 zhao jian 2011-01-20 21:56:43 UTC
Created attachment 42255
patch for adding test case for test uniform array in piglit.
Comment 4 Gordon Jin 2011-01-26 00:56:19 UTC
It seems Ian has cherry-picked the fix to 7.10 and 7.9 branch.
Comment 5 Ian Romanick 2011-01-26 10:19:17 UTC
(In reply to comment #4)
> It seems Ian has cherry-picked the fix to 7.10 and 7.9 branch.

Yes.  I forgot this change had a bug associated with it because the bug number wasn't in the commit message.  I believe that is because the bug came after the fix.

Fixed by e4c1bcacef9380bbf72f616dc4e6f72ff5741678 (7.9) and acc73692851b2b222833482851ce856ff267bff2 (7.10).
Comment 6 Ian Romanick 2011-01-26 12:19:00 UTC
I'm a bit confused.  I was going to commit the test (which needed a *LOT* of changes to be acceptable), but I don't see how that test really differs from the existing getuniform-01 test.  Both are really just checking whether or not glGetUniformfv overruns the buffer passed to it.

If that's the case, then this bug is really just a dup of bug #29823 (which is not yet fixed).  It also means we don't need this test.

Issues with the test:

    - Use the piglit framework!
        piglit_require_vertex_shader
        piglit_require_fragment_shader
        piglit_compile_shader_text
        piglit_link_simple_shader
        piglit_UseProgram
        etc.

    - Tests that don't check rendering results should do everything in piglit_init.  piglit_display should return PIGLIT_FAIL.

    - The test requires GLSL 1.20 but does not check for it.

    - Limit code to 80 columns, and clean-up trailing white space.
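
An added example, not part of the thread and not Mesa or piglit code: a guard-row check of the kind comment 6 describes (does a getter overrun the buffer passed to it), applied to a row-count miscalculation like the one the commit message mentions. The `size / 4 + 1` form, `get_uniform` and every other name here are assumptions made for illustration.

```c
#include <stdio.h>

#define COLS 4          /* floats per row (one vec4) */
#define MAX_FLOATS 64   /* largest uniform this demo handles */
#define GUARD -12345.0f /* sentinel placed after the caller's rows */

/* Assumed over-counting form: one row too many when size % 4 == 0. */
static unsigned rows_overcount(unsigned size) { return size / COLS + 1; }

/* Ceiling division: exactly the rows needed for `size` floats. */
static unsigned rows_exact(unsigned size) { return (size + COLS - 1) / COLS; }

/* Hypothetical getter: copies rows(size) full rows into `out`. */
static void get_uniform(float *out, const float *store, unsigned size,
                        unsigned (*rows)(unsigned))
{
    unsigned n = rows(size) * COLS;
    for (unsigned i = 0; i < n; i++)
        out[i] = store[i];
}

/* Count guard floats clobbered beyond the rows the caller provided. */
static unsigned overrun_floats(unsigned size, unsigned (*rows)(unsigned))
{
    float store[MAX_FLOATS + COLS] = {0};   /* constructed uniform data */
    float buf[MAX_FLOATS + COLS];           /* caller rows + one guard row */
    unsigned want = rows_exact(size) * COLS, hit = 0;

    if (size > MAX_FLOATS)
        return 0;
    for (unsigned i = 0; i < MAX_FLOATS + COLS; i++)
        buf[i] = GUARD;
    get_uniform(buf, store, size, rows);
    for (unsigned i = want; i < want + COLS; i++)
        hit += (buf[i] != GUARD);
    return hit;
}

int main(void)
{
    printf("size 8, over-count: %u guard floats hit\n", overrun_floats(8, rows_overcount));
    printf("size 6, over-count: %u guard floats hit\n", overrun_floats(6, rows_overcount));
    printf("size 8, exact:      %u guard floats hit\n", overrun_floats(8, rows_exact));
    return 0;
}
```

The over-count only shows up when the float count is a multiple of 4, so a test using any other array size passes while the overrun stays latent.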
