mesa: 0a00a9a05b357dafae86bf8af879aa601f101eba (master)

piglit 17000-consecutive-chars-identifier crashes with swrast, softpipe, and llvmpipe.

$ ./bin/glslparsertest tests/glslparsertest/glsl2/17000-consecutive-chars-identifier.frag pass 1.10
Segmentation fault (core dumped)

(gdb) bt
#0  malloc_consolidate (av=0x7f50c7119e40) at malloc.c:5155
#1  0x00007f50c6e15e82 in _int_malloc (av=0x7f50c7119e40, bytes=17049) at malloc.c:4373
#2  0x00007f50c6e19254 in __libc_calloc (n=<value optimized out>, elem_size=<value optimized out>) at malloc.c:4065
#3  0x00007f50c7d7fd30 in ralloc_size (ctx=0x217abd0, size=17001) at ralloc.c:111
#4  0x00007f50c7d7ff94 in ralloc_array_size (ctx=0x217abd0, size=1, count=17001) at ralloc.c:179
#5  0x00007f50c7d80306 in ralloc_strdup (ctx=0x217abd0, str=0x218008f 'x' <repeats 200 times>...) at ralloc.c:313
#6  0x00007f50c7ea4d29 in glcpp_lex (yylval_param=0x7fff863ac750, yylloc_param=0x7fff863ac680, yyscanner=0x217ac40) at glcpp/glcpp-lex.l:276
#7  0x00007f50c7eabbf3 in glcpp_parser_lex (yylval=0x7fff863ac750, yylloc=0x7fff863ac680, parser=0x217abd0) at glcpp/glcpp-parse.y:1751
#8  0x00007f50c7ea7f34 in yyparse (parser=0x217abd0) at glcpp/glcpp-parse.c:1717
#9  0x00007f50c7eaac4b in glcpp_parser_parse (parser=0x217abd0) at glcpp/glcpp-parse.y:1150
#10 0x00007f50c7d80e93 in preprocess (ralloc_ctx=0x217a810, shader=0x7fff863ac8b0, info_log=0x217a8c8, extensions=0x20ac5b0, api=0) at glcpp/pp.c:152
#11 0x00007f50c7d6b43e in _mesa_glsl_compile_shader (ctx=0x20ab3b0, shader=0x2129ac0) at program/ir_to_mesa.cpp:3333
#12 0x00007f50c7d019c0 in compile_shader (ctx=0x20ab3b0, shaderObj=1) at main/shaderapi.c:848
#13 0x00007f50c7d02451 in _mesa_CompileShaderARB (shaderObj=1) at main/shaderapi.c:1188
#14 0x0000000000426dcd in test () at piglit/tests/glslparsertest/glslparsertest.c:141
#15 0x000000000042721e in main (argc=4, argv=0x7fff863acb58) at piglit/tests/glslparsertest/glslparsertest.c:267
If anyone is bored and wants to look at this...I'm pretty sure it's a buffer overflow in flex. Nasty. Haven't been able to make a small test case that reproduces it, though.
*** Bug 55219 has been marked as a duplicate of this bug. ***
Ken fixed this in commit 9142ade15416415f2d5eb20b093b898c649cd2bb.