diff options
author | Samuel Iglesias Gonsálvez <[email protected]> | 2017-02-09 13:54:46 +0100 |
---|---|---|
committer | Samuel Iglesias Gonsálvez <[email protected]> | 2017-02-23 06:56:16 +0100 |
commit | a73a61893323c74f38b1baa30d63a5cc665b7b58 (patch) | |
tree | 8bcce9e57cadf0ac8807db93991288ae6b184374 /include/GLES2 | |
parent | 043883647acaee0b2c67c1c6b496404ebb4e8d67 (diff) |
glsl: fix heap-use-after-free in ast_declarator_list::hir()
The get_variable_being_redeclared() function can free 'var' because
a re-declaration of an unsized array variable can establish the size, so
we set the array type to the 'earlier' declaration and free 'var' as it is
not needed anymore.
However, the same 'var' is referenced later in ast_declarator_list::hir().
This patch fixes it by picking the ir_variable_mode from the proper
ir_variable.
This error was detected by Address Sanitizer.
Signed-off-by: Samuel Iglesias Gonsálvez <[email protected]>
Suggested-by: Ian Romanick <[email protected]>
Reviewed-by: Ian Romanick <[email protected]>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99677
Cc: "17.0" <[email protected]>
Cc: "13.0" <[email protected]>
Diffstat (limited to 'include/GLES2')
0 files changed, 0 insertions, 0 deletions