summaryrefslogtreecommitdiffstats
path: root/src/mesa/pipe
diff options
context:
space:
mode:
authorBrian Paul <[email protected]>2015-04-16 15:29:18 -0600
committerEmil Velikov <[email protected]>2015-04-22 16:17:10 +0100
commite2dd5546517dd8d3b6790cea3c74c038629256b4 (patch)
tree39b6f28027db751d092dc5d7562b2ce2778f38c5 /src/mesa/pipe
parent0f5ec7250d3e19eda1121f1bf3f340aedcc26dc5 (diff)
glsl: rewrite glsl_type::record_key_hash() to avoid buffer overflow
This should be more efficient than the previous snprintf() solution. But more importantly, it avoids a buffer overflow bug that could result in crashes or unpredictable results when processing very large interface blocks. For the app in question, key->length = 103 for some interfaces. The check if size >= sizeof(hash_key) was insufficient to prevent overflows of the hash_key[128] array because it didn't account for the terminating zero. In this case, this caused the call to hash_table_string_hash() to return different results for identical inputs, and then shader linking failed. This new solution also takes all structure fields into account instead of just the first 15 when sizeof(pointer)==8. Cc: [email protected] Reviewed-by: Ian Romanick <[email protected]> (cherry picked from commit 31667e6237d30188d0b29e17f5b9892f10c0d83a)
Diffstat (limited to 'src/mesa/pipe')
0 files changed, 0 insertions, 0 deletions