diff options
author | Brian Paul <[email protected]> | 2015-04-16 15:29:18 -0600 |
---|---|---|
committer | Emil Velikov <[email protected]> | 2015-04-22 16:17:10 +0100 |
commit | e2dd5546517dd8d3b6790cea3c74c038629256b4 (patch) | |
tree | 39b6f28027db751d092dc5d7562b2ce2778f38c5 /src/mesa/pipe | |
parent | 0f5ec7250d3e19eda1121f1bf3f340aedcc26dc5 (diff) |
glsl: rewrite glsl_type::record_key_hash() to avoid buffer overflow
This should be more efficient than the previous snprintf() solution.
But more importantly, it avoids a buffer overflow bug that could result
in crashes or unpredictable results when processing very large interface
blocks.
For the app in question, key->length = 103 for some interfaces. The check
if size >= sizeof(hash_key) was insufficient to prevent overflows of the
hash_key[128] array because it didn't account for the terminating zero.
In this case, this caused the call to hash_table_string_hash() to return
different results for identical inputs, and then shader linking failed.
This new solution also takes all structure fields into account instead
of just the first 15 when sizeof(pointer)==8.
Cc: [email protected]
Reviewed-by: Ian Romanick <[email protected]>
(cherry picked from commit 31667e6237d30188d0b29e17f5b9892f10c0d83a)
Diffstat (limited to 'src/mesa/pipe')
0 files changed, 0 insertions, 0 deletions