Patrick Lerda
aa79030505
Indeed, the access to the array is done with a 4x multiplier.
The size of the array should be calculated accordingly.
For instance, this issue is triggered on radeonsi with
"piglit/bin/arb_direct_state_access-gettextureimage-formats -auto -fbo":
==3419==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc31f804b0 at pc 0x7fac7ef81b2d bp 0x7ffc31f803d0 sp 0x7ffc31f803c8
WRITE of size 1 at 0x7ffc31f804b0 thread T0
#0 0x7fac7ef81b2c in do_span_rgba_unorm8 ../src/mesa/main/mipmap.c:160
#1 0x7fac7ef83549 in do_row ../src/mesa/main/mipmap.c:258
#2 0x7fac7ef83986 in make_2d_mipmap ../src/mesa/main/mipmap.c:371
#3 0x7fac7ef8670b in generate_mipmap_compressed ../src/mesa/main/mipmap.c:1062
#4 0x7fac7ef8670b in _mesa_generate_mipmap ../src/mesa/main/mipmap.c:1119
#5 0x7fac7e5472aa in check_gen_mipmap ../src/mesa/main/teximage.c:2910
#6 0x7fac7e5472aa in check_gen_mipmap ../src/mesa/main/teximage.c:2904
#7 0x7fac7e5472aa in teximage ../src/mesa/main/teximage.c:3315
#8 0x7fac7e5472aa in teximage_err ../src/mesa/main/teximage.c:3342
#9 0x7fac7e550cfa in _mesa_TexImage2D ../src/mesa/main/teximage.c:3413
Address 0x7ffc31f804b0 is located in stack of thread T0 at offset 96 in frame
#0 0x7fac7ef814ff in do_span_rgba_unorm8 ../src/mesa/main/mipmap.c:132
This frame has 3 object(s):
[32, 96) 'result' (line 145) <== Memory access at offset 96 overflows this variable
[128, 384) 'rowA' (line 144)
[448, 704) 'rowB' (line 144)
Fixes: dd8fb7139d ("mesa/main: rewrite mipmap generation code")
Signed-off-by: Patrick Lerda <patrick9876@free.fr>
Reviewed-by: Erik Faye-Lund <erik.faye-lund@collabora.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/29572>
`Mesa <https://mesa3d.org>`_ - The 3D Graphics Library ====================================================== Source ------ This repository lives at https://gitlab.freedesktop.org/mesa/mesa. Other repositories are likely forks, and code found there is not supported. Build & install --------------- You can find more information in our documentation (`docs/install.rst <https://docs.mesa3d.org/install.html>`_), but the recommended way is to use Meson (`docs/meson.rst <https://docs.mesa3d.org/meson.html>`_): .. code-block:: sh $ mkdir build $ cd build $ meson .. $ sudo ninja install Support ------- Many Mesa devs hang on IRC; if you're not sure which channel is appropriate, you should ask your question on `OFTC's #dri-devel <irc://irc.oftc.net/dri-devel>`_, someone will redirect you if necessary. Remember that not everyone is in the same timezone as you, so it might take a while before someone qualified sees your question. To figure out who you're talking to, or which nick to ping for your question, check out `Who's Who on IRC <https://dri.freedesktop.org/wiki/WhosWho/>`_. The next best option is to ask your question in an email to the mailing lists: `mesa-dev\@lists.freedesktop.org <https://lists.freedesktop.org/mailman/listinfo/mesa-dev>`_ Bug reports ----------- If you think something isn't working properly, please file a bug report (`docs/bugs.rst <https://docs.mesa3d.org/bugs.html>`_). Contributing ------------ Contributions are welcome, and step-by-step instructions can be found in our documentation (`docs/submittingpatches.rst <https://docs.mesa3d.org/submittingpatches.html>`_). Note that Mesa uses gitlab for patches submission, review and discussions.