From 26b68313b90d3aa47c9f6cfcc4c86cfc11d48a28 Mon Sep 17 00:00:00 2001 From: Yuri Kunde Schlesner Date: Thu, 15 Sep 2016 23:16:39 -0700 Subject: VideoCore: Fix out-of-bounds read in ShaderSetup::ProduceDebugInfo As far as I can tell, memset was replaced by a fill without correcting the parameter type, causing an out-of-bounds array read in the Vec4 constructor. --- src/video_core/shader/shader.cpp | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/video_core/shader/shader.cpp b/src/video_core/shader/shader.cpp index 272f3ffe1..3febe739c 100644 --- a/src/video_core/shader/shader.cpp +++ b/src/video_core/shader/shader.cpp @@ -146,10 +146,8 @@ DebugData ShaderSetup::ProduceDebugInfo(const InputVertex& input, int num_ state.debug.max_opdesc_id = 0; // Setup input register table + boost::fill(state.registers.input, Math::Vec4::AssignToAll(float24::Zero())); const auto& attribute_register_map = config.input_register_map; - float24 dummy_register; - boost::fill(state.registers.input, &dummy_register); - for (unsigned i = 0; i < num_attributes; i++) state.registers.input[attribute_register_map.GetRegisterForAttribute(i)] = input.attr[i]; -- cgit v1.2.3