Bug 33508 - [glsl] GLSL compiler modulus by zero crash
Summary: [glsl] GLSL compiler modulus by zero crash
Status: CLOSED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: glsl-compiler
Version: git
Hardware: All All
Importance: medium critical
Assignee: Chad Versace
Reported: 2011-01-25 19:05 UTC by Vinson Lee
Modified: 2011-04-13 20:05 UTC

Description Vinson Lee 2011-01-25 19:05:46 UTC
mesa: 903185bf3b7c3f7723d4a862286839f422665486 (master)

This fragment shader triggers a floating point exception in the Mesa GLSL
compiler.

void main() {
   int a = 1 % 0;

   gl_FragColor = vec4(0.0);
}


(gdb) bt
#0  0x00a92296 in ir_expression::constant_expression_value (this=0x8f2ed00) at ir_constant_expression.cpp:542
#1  0x00ab12f9 in ir_constant_variable_visitor::visit_enter (this=0xbfe60ed8, ir=0x8f2eb50) at opt_constant_variable.cpp:117
#2  0x00a9d749 in ir_assignment::accept (this=0x8f2eb50, v=0xbfe60ed8) at ir_hv_accept.cpp:276
#3  0x00a9ceb5 in visit_list_elements (v=0xbfe60ed8, l=0x913b4f0) at ir_hv_accept.cpp:48
#4  0x00a9ce0e in ir_hierarchical_visitor::run (this=0xbfe60ed8, instructions=0x913b4f0) at ir_hierarchical_visitor.cpp:282
#5  0x00ab1490 in do_constant_variable (instructions=0x913b4f0) at opt_constant_variable.cpp:161
#6  0x00ab15a8 in do_constant_variable_unlinked (instructions=0x8e63a98) at opt_constant_variable.cpp:191
#7  0x00a8b137 in do_common_optimization (ir=0x8e63a98, linked=false, max_unroll_iterations=32) at glsl_parser_extras.cpp:740
#8  0x00a6926d in _mesa_glsl_compile_shader (ctx=0x8ded628, shader=0x8e62d88) at program/ir_to_mesa.cpp:3121
#9  0x00a0ae28 in compile_shader (ctx=0x8ded628, shaderObj=1) at main/shaderapi.c:856
#10 0x00a0b77b in _mesa_CompileShaderARB (shaderObj=1) at main/shaderapi.c:1187

(gdb) frame 0
#0  0x00a92296 in ir_expression::constant_expression_value (this=0x8f2ed00) at ir_constant_expression.cpp:542
542		    data.i[c] = op[0]->value.i[c0] % op[1]->value.i[c1];
(gdb) print op[0]->value.i[c0]
$1 = 1
(gdb) print op[1]->value.i[c1]
$2 = 0
(gdb) l
537		 switch (op[0]->type->base_type) {
538		 case GLSL_TYPE_UINT:
539		    data.u[c] = op[0]->value.u[c0] % op[1]->value.u[c1];
540		    break;
541		 case GLSL_TYPE_INT:
542		    data.i[c] = op[0]->value.i[c0] % op[1]->value.i[c1];
543		    break;
544		 case GLSL_TYPE_FLOAT:
545		    /* We don't use fmod because it rounds toward zero; GLSL specifies
546		     * the use of floor.

Comment 1 Chad Versace 2011-02-02 10:03:52 UTC
Fixed by commit:
e7c1f058d18f62aa4871aec623f994d7b68cb8c1
glsl: Avoid division-by-zero during constant-folding


Added new Piglit tests:
glslparsertest/glsl2/modulus-zero-01.frag
glslparsertest/glsl2/modulus-zero-02.frag
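
An added example, not code from Mesa or from this report: one way a constant folder can guard the integer `%` seen at ir_constant_expression.cpp:542 before evaluating it on the host. IntConst, mod_is_defined and fold_int_mod are hypothetical names, and declining to fold (instead of substituting a value) is an assumed policy. It goes beyond the reported case by also rejecting INT_MIN % -1, which is undefined in C++ and traps on x86.

```cpp
#include <climits>
#include <cstdio>

// Hypothetical stand-in for a constant int operand of 1 to 4 components.
struct IntConst {
   unsigned count;   // number of components (1 = scalar)
   int i[4];
};

// True when `a % b` is safe to evaluate with the host's integer `%`.
static bool mod_is_defined(int a, int b)
{
   if (b == 0)
      return false;   // the `1 % 0` case from the report (SIGFPE)
   if (a == INT_MIN && b == -1)
      return false;   // quotient overflows: undefined, traps on x86
   return true;
}

// Fold lhs % rhs component-wise, broadcasting a scalar operand.
// Returns false and leaves *out untouched if any component cannot be
// folded, so the caller can keep the expression and emit a diagnostic.
bool fold_int_mod(const IntConst &lhs, const IntConst &rhs, IntConst *out)
{
   unsigned n = lhs.count > rhs.count ? lhs.count : rhs.count;
   if (n == 0 || n > 4) return false;
   if (lhs.count != n && lhs.count != 1) return false;
   if (rhs.count != n && rhs.count != 1) return false;

   IntConst result = { n, {0, 0, 0, 0} };
   for (unsigned c = 0; c < n; c++) {
      int a = lhs.i[lhs.count == 1 ? 0 : c];
      int b = rhs.i[rhs.count == 1 ? 0 : c];
      if (!mod_is_defined(a, b))
         return false;
      result.i[c] = a % b;
   }
   *out = result;
   return true;
}

int main()
{
   // Constructed operands mirroring the shader's `1 % 0`.
   IntConst one = {1, {1}}, zero = {1, {0}}, out = {0, {0}};
   std::printf("1 %% 0 folded: %d\n", fold_int_mod(one, zero, &out));
   return 0;
}
```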

Comment 2 Vinson Lee 2011-04-13 20:05:38 UTC
mesa: a9a02c8a39620515ec9fd0d774ce329cf67ecb4e (master)

Verified fixed.

