Bug 94616

Summary: Invalid write in push_loop_stack
Product: Mesa Reporter: Marc-Andre Lureau <marcandre.lureau>
Component: Drivers/DRI/i965Assignee: Kenneth Graunke <kenneth>
Status: RESOLVED FIXED QA Contact: Intel 3D Bugs Mailing List <intel-3d-bugs>
Severity: critical    
Priority: high    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: 0001-i965-fix-invalid-memory-write.patch

Description Marc-Andre Lureau 2016-03-18 19:08:20 UTC 
Created attachment 122424 [details]
0001-i965-fix-invalid-memory-write.patch

I noticed some heap corruption running virgl tests, and valgrind
    helped me to track it down to the following error:
    
    ==29272== Invalid write of size 4
    ==29272==    at 0x90283D4: push_loop_stack (brw_eu_emit.c:1307)
    ==29272==    by 0x9029A7D: brw_DO (brw_eu_emit.c:1750)
    ==29272==    by 0x90554B0: fs_generator::generate_code(cfg_t const*, int) (brw_fs_generator.cpp:1999)
    ==29272==    by 0x904491F: brw_compile_fs (brw_fs.cpp:5685)
    ==29272==    by 0x8FC5DC5: brw_codegen_wm_prog (brw_wm.c:137)
    ==29272==    by 0x8FC7663: brw_fs_precompile (brw_wm.c:638)
    ==29272==    by 0x8FA4040: brw_shader_precompile(gl_context*, gl_shader_program*) (brw_link.cpp:51)
    ==29272==    by 0x8FA4A9A: brw_link_shader (brw_link.cpp:260)
    ==29272==    by 0x8DEF751: _mesa_glsl_link_shader (ir_to_mesa.cpp:3006)
    ==29272==    by 0x8C84325: _mesa_link_program (shaderapi.c:1042)
    ==29272==    by 0x8C851D7: _mesa_LinkProgram (shaderapi.c:1515)
    ==29272==    by 0x4E4B8E8: add_shader_program (vrend_renderer.c:880)
    ==29272==  Address 0xf2f3cb0 is 0 bytes after a block of size 112 alloc'd
    ==29272==    at 0x4C2AA98: calloc (vg_replace_malloc.c:711)
    ==29272==    by 0x8ED11F7: ralloc_size (ralloc.c:113)
    ==29272==    by 0x8ED1282: rzalloc_size (ralloc.c:134)
    ==29272==    by 0x8ED14C0: rzalloc_array_size (ralloc.c:196)
    ==29272==    by 0x9019C7B: brw_init_codegen (brw_eu.c:291)
    ==29272==    by 0x904F565: fs_generator::fs_generator(brw_compiler const*, void*, void*, void const*, brw_stage_prog_data*, unsigned int, bool, gl_shader_stage) (brw_fs_generator.cpp:124)
    ==29272==    by 0x9044883: brw_compile_fs (brw_fs.cpp:5675)
    ==29272==    by 0x8FC5DC5: brw_codegen_wm_prog (brw_wm.c:137)
    ==29272==    by 0x8FC7663: brw_fs_precompile (brw_wm.c:638)
    ==29272==    by 0x8FA4040: brw_shader_precompile(gl_context*, gl_shader_program*) (brw_link.cpp:51)
    ==29272==    by 0x8FA4A9A: brw_link_shader (brw_link.cpp:260)
    ==29272==    by 0x8DEF751: _mesa_glsl_link_shader (ir_to_mesa.cpp:3006)


See attached patch for possible solution
Comment 1 Marc-Andre Lureau 2016-03-21 15:49:15 UTC 
raising severity, hopefully someone is reading this bug..
Comment 2 Kenneth Graunke 2016-03-22 04:30:32 UTC 
Makes sense to me.  I've committed your patch:

commit 530593da65c0205539fe4bd7bcf7c01e3eba723d
Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Date:   Fri Mar 18 20:01:07 2016 +0100

    i965: fix invalid memory write

Thanks for fixing this!

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.