glsl/blob: Return false from grow_to_fit if we've ever failed

Otherwise we could have a failure followed by a smaller write that
succeeds and get a corrupted blob.  If we ever OOM, we should stop.

v2 (Jason Ekstrand):
 - Initialize the new boolean member in create_blob

Reviewed-by: Nicolai Hähnle <[email protected]>
Reviewed-by: Jordan Justen <[email protected]>
Cc: [email protected]

2 files changed, 13 insertions, 1 deletions

diff --git a/src/compiler/glsl/blob.c b/src/compiler/glsl/blob.c
index e837cdf2a0b..65e1376e160 100644
--- a/src/compiler/glsl/blob.c
+++ b/src/compiler/glsl/blob.c
@@ -46,6 +46,9 @@ grow_to_fit(struct blob *blob, size_t additional)
    size_t to_allocate;
    uint8_t *new_data;
 
+   if (blob->out_of_memory)
+      return false;
+
    if (blob->size + additional <= blob->allocated)
       return true;
 
@@ -57,8 +60,10 @@ grow_to_fit(struct blob *blob, size_t additional)
    to_allocate = MAX2(to_allocate, blob->allocated + additional);
 
    new_data = realloc(blob->data, to_allocate);
-   if (new_data == NULL)
+   if (new_data == NULL) {
+      blob->out_of_memory = true;
       return false;
+   }
 
    blob->data = new_data;
    blob->allocated = to_allocate;
@@ -104,6 +109,7 @@ blob_create()
    blob->data = NULL;
    blob->allocated = 0;
    blob->size = 0;
+   blob->out_of_memory = false;
 
    return blob;
 }
diff --git a/src/compiler/glsl/blob.h b/src/compiler/glsl/blob.h
index 940c81e13b4..4cbbb01b15d 100644
--- a/src/compiler/glsl/blob.h
+++ b/src/compiler/glsl/blob.h
@@ -55,6 +55,12 @@ struct blob {
 
    /** The number of bytes that have actual data written to them. */
    size_t size;
+
+   /**
+    * True if we've ever failed to realloc or if we go pas the end of a fixed
+    * allocation blob.
+    */
+   bool out_of_memory;
 };
 
 /* When done reading, the caller can ensure that everything was consumed by