Skip to content

glsl: Fix crashes on out-of-bounds access to vector

In !4064 (closed) the consensus was to return zero on out-of-bounds reads since robustness extensions encourage us to do so. And one case is fixed in !4998 (merged).

And after some thoughts about out-of-bounds writes - I decided to eliminate them.

Section 5.11 (Out-of-Bounds Accesses) of the GLSL 4.60 spec says:

 In the subsections described above for array, vector, matrix and
 structure accesses, any out-of-bounds access produced undefined
 behavior.... Out-of-bounds writes may be discarded or overwrite
 other variables of the active program.

Fixes tests:

spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-1
spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-2
spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-4
spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-5
spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-6

The crash fixed in "glsl: Eliminate out-of-bounds triop_vector_insert" could only be reproduced by setting LowerCombinedClipCullDistance = true and having a shader:

out float gl_ClipDistance[gl_MaxClipDistances];

void main()
{
  int index = -1;
  gl_ClipDistance[index] = -1;
}

I'll add some tests to piglit for this case soon.

Closes: #2604 (closed)
CC: mesa-stable@lists.freedesktop.org

@tarceri @mattst88 @mslusarz

Merge request reports

Loading