mirror of
https://src.fedoraproject.org/rpms/mesa.git
synced 2024-11-24 09:32:42 +00:00
Fix r600 sb crash (#1629401)
This commit is contained in:
Dave Airlie
parent
df60afb5a2
commit
78542af89e
3 changed files with 101 additions and 1 deletions
|
|
@ -0,0 +1,51 @@
|
|||
From 8c51caab2404c5c9f5211936d27e9fe1c0af2e7d Mon Sep 17 00:00:00 2001
|
||||
From: Dave Airlie <airlied@redhat.com>
|
||||
Date: Fri, 29 Jun 2018 03:47:26 +0100
|
||||
Subject: [PATCH] r600/sb: cleanup if_conversion iterator to be legal C++
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The current code causes:
|
||||
/usr/include/c++/8/debug/safe_iterator.h:207:
|
||||
Error: attempt to copy from a singular iterator.
|
||||
|
||||
This is due to the iterators getting invalidated, fix the
|
||||
reverse iterator to use the return value from erase, and
|
||||
cast it properly.
|
||||
|
||||
(used Mathias suggestion)
|
||||
Cc: <mesa-stable@lists.freedesktop.org>
|
||||
Reviewed-by: Mathias Fröhlich <mathias.froehlich@web.de>
|
||||
---
|
||||
src/gallium/drivers/r600/sb/sb_if_conversion.cpp | 11 ++++-------
|
||||
1 file changed, 4 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/gallium/drivers/r600/sb/sb_if_conversion.cpp b/src/gallium/drivers/r600/sb/sb_if_conversion.cpp
|
||||
index 3f6431b80f5..017153434fc 100644
|
||||
--- a/src/gallium/drivers/r600/sb/sb_if_conversion.cpp
|
||||
+++ b/src/gallium/drivers/r600/sb/sb_if_conversion.cpp
|
||||
@@ -42,16 +42,13 @@ int if_conversion::run() {
|
||||
regions_vec &rv = sh.get_regions();
|
||||
|
||||
unsigned converted = 0;
|
||||
-
|
||||
- for (regions_vec::reverse_iterator N, I = rv.rbegin(), E = rv.rend();
|
||||
- I != E; I = N) {
|
||||
- N = I; ++N;
|
||||
-
|
||||
+ for (regions_vec::reverse_iterator I = rv.rbegin(); I != rv.rend(); ) {
|
||||
region_node *r = *I;
|
||||
if (run_on(r)) {
|
||||
- rv.erase(I.base() - 1);
|
||||
+ I = regions_vec::reverse_iterator(rv.erase((++I).base()));
|
||||
++converted;
|
||||
- }
|
||||
+ } else
|
||||
+ ++I;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
2.17.1
|
||||
|
||||
42
0001-r600-sb-fix-crash-in-fold_alu_op3.patch
Normal file
42
0001-r600-sb-fix-crash-in-fold_alu_op3.patch
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
From 817efd89685efc6b5866e09cbdad01c4ff21c737 Mon Sep 17 00:00:00 2001
|
||||
From: Roland Scheidegger <sroland@vmware.com>
|
||||
Date: Wed, 4 Jul 2018 04:44:17 +0200
|
||||
Subject: [PATCH] r600/sb: fix crash in fold_alu_op3
|
||||
|
||||
fold_assoc() called from fold_alu_op3() can lower the number of src to 2,
|
||||
which then leads to an invalid access to n.src[2]->gvalue().
|
||||
This didn't seem to have caused much harm in the past, but on Fedora 28
|
||||
it will crash (presumably because -D_GLIBCXX_ASSERTIONS is used, although
|
||||
with libstdc++ 4.8.5 this didn't do anything, -D_GLIBCXX_DEBUG was
|
||||
needed to show the issue).
|
||||
|
||||
An alternative fix would be to instead call fold_alu_op2() from within
|
||||
fold_assoc() when the number of src is reduced and return always TRUE
|
||||
from fold_assoc() in this case, with the only actual difference being
|
||||
the return value from fold_alu_op3() then. I'm not sure what the return
|
||||
value actually should be in this case (or whether it even can make a
|
||||
difference).
|
||||
|
||||
https://bugs.freedesktop.org/show_bug.cgi?id=106928
|
||||
Cc: mesa-stable@lists.freedesktop.org
|
||||
Reviewed-by: Dave Airlie <airlied@redhat.com>
|
||||
---
|
||||
src/gallium/drivers/r600/sb/sb_expr.cpp | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/gallium/drivers/r600/sb/sb_expr.cpp b/src/gallium/drivers/r600/sb/sb_expr.cpp
|
||||
index 1df78da6608..ad798453bc1 100644
|
||||
--- a/src/gallium/drivers/r600/sb/sb_expr.cpp
|
||||
+++ b/src/gallium/drivers/r600/sb/sb_expr.cpp
|
||||
@@ -945,6 +945,8 @@ bool expr_handler::fold_alu_op3(alu_node& n) {
|
||||
if (!sh.safe_math && (n.bc.op_ptr->flags & AF_M_ASSOC)) {
|
||||
if (fold_assoc(&n))
|
||||
return true;
|
||||
+ if (n.src.size() < 3)
|
||||
+ return fold_alu_op2(n);
|
||||
}
|
||||
|
||||
value* v0 = n.src[0]->gvalue();
|
||||
--
|
||||
2.17.1
|
||||
|
||||
|
|
@ -55,7 +55,7 @@
|
|||
Name: mesa
|
||||
Summary: Mesa graphics libraries
|
||||
Version: 18.0.5
|
||||
Release: 3%{?rctag:.%{rctag}}%{?dist}
|
||||
Release: 4%{?rctag:.%{rctag}}%{?dist}
|
||||
|
||||
License: MIT
|
||||
URL: http://www.mesa3d.org
|
||||
|
|
@ -84,6 +84,10 @@ Patch7: 0001-gallium-Disable-rgb10-configs-by-default.patch
|
|||
Patch10: glvnd-fix-gl-dot-pc.patch
|
||||
Patch11: 0001-Fix-linkage-against-shared-glapi.patch
|
||||
|
||||
# r600 backport
|
||||
Patch20: 0001-r600-sb-cleanup-if_conversion-iterator-to-be-legal-C.patch
|
||||
Patch21: 0001-r600-sb-fix-crash-in-fold_alu_op3.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: automake
|
||||
|
|
@ -676,6 +680,9 @@ popd
|
|||
%{_includedir}/vulkan/
|
||||
|
||||
%changelog
|
||||
* Mon Sep 17 2018 Dave Airlie <Airlied@redhat.com> - 18.0.5-4
|
||||
- Fix r600 sb crash (#1629401)
|
||||
|
||||
* Fri Jul 06 2018 Adam Jackson <ajax@redhat.com> - 18.0.5-3
|
||||
- Drop texture float patch
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue