From: bugzilla-daemon@freedesktop.org
To: dri-devel@lists.freedesktop.org
Subject: [Bug 93447] [r600g] llvm crash because of use of uninitialized stack
Date: Sat, 19 Dec 2015 16:33:50 +0000
List-Id: dri-devel@lists.freedesktop.org

https://bugs.freedesktop.org/show_bug.cgi?id=93447

Bug ID: 93447
Summary: [r600g] llvm crash because of use of uninitialized stack
Product: Mesa
Version: git
Hardware: x86-64 (AMD64)
OS: Linux (All)
Status: NEW
Severity: normal
Priority: medium
Component: Drivers/Gallium/r600
Assignee: dri-devel@lists.freedesktop.org
Reporter: notasas@gmail.com
QA Contact: dri-devel@lists.freedesktop.org

Created attachment 120595
  --> https://bugs.freedesktop.org/attachment.cgi?id=120595&action=edit
hack patch

When replaying traces from Bug 92229 with R600_DEBUG=llvm specified, a crash
will occur (on my system) in LLVMBuildInsertElement() because an uninitialized
value is passed in the Index argument. That value originates from the
radeon_llvm_emit_prepare_cube_coords() function's coords[3] stack variable. At
that time,
 opcode = TGSI_OPCODE_TEX
 target = TGSI_TEXTURE_CUBE
so nothing ever sets coords[3], which is copied to the caller and eventually
finds its way to llvm.

Unfortunately I don't have any knowledge about that code; I hope somebody who
knows more can take a look. A hack patch is attached, but it's most likely
wrong.


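The failure mode described in the report, reduced to a stand-alone C model with a poison-fill check that shows which output slots a function leaves unwritten. This is an added example, not Mesa code and not the attached patch; the enum names, the POISON sentinel, the condition deciding which paths write slot 3, and the zero default are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define POISON 0xA5A5A5A5u /* constructed sentinel, never a valid input here */

/* Hypothetical stand-ins for the opcode/target values named in the report. */
enum model_op { MODEL_OP_TEX, MODEL_OP_TEX_BIAS };
enum model_target { MODEL_TARGET_CUBE, MODEL_TARGET_SHADOWCUBE };

typedef void (*prep_fn)(enum model_op, enum model_target,
                        const uint32_t in[4], uint32_t out[4]);

/* Same shape as the report: slot 3 is written only on some paths. */
static void prepare_buggy(enum model_op op, enum model_target tgt,
                          const uint32_t in[4], uint32_t out[4])
{
    out[0] = in[0]; out[1] = in[1]; out[2] = in[2];
    if (op == MODEL_OP_TEX_BIAS || tgt == MODEL_TARGET_SHADOWCUBE)
        out[3] = in[3];
    /* MODEL_OP_TEX with MODEL_TARGET_CUBE: out[3] is never written */
}

/* Every slot gets a defined value before the conditional paths run. */
static void prepare_fixed(enum model_op op, enum model_target tgt,
                          const uint32_t in[4], uint32_t out[4])
{
    out[3] = 0; /* assumed default; the report does not say what is correct */
    prepare_buggy(op, tgt, in, out);
}

/* Poison the output, call fn, return a bitmask of slots still poisoned. */
static unsigned unwritten_slots(prep_fn fn, enum model_op op,
                                enum model_target tgt)
{
    const uint32_t in[4] = { 1, 2, 3, 4 };
    uint32_t out[4] = { POISON, POISON, POISON, POISON };
    unsigned mask = 0;
    fn(op, tgt, in, out);
    for (unsigned i = 0; i < 4; i++)
        if (out[i] == POISON)
            mask |= 1u << i;
    return mask;
}

int main(void)
{
    printf("buggy 0x%x fixed 0x%x\n",
           unwritten_slots(prepare_buggy, MODEL_OP_TEX, MODEL_TARGET_CUBE),
           unwritten_slots(prepare_fixed, MODEL_OP_TEX, MODEL_TARGET_CUBE));
    return 0;
}
```

Running the same check over every opcode/target pair a function accepts turns a crash that depends on stack contents into a deterministic test failure.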