From a66c4ce50a107696b48f793f73f46426b7e3ff73 Mon Sep 17 00:00:00 2001
From: Chris Forbes <chrisf@ijw.co.nz>
Date: Mon, 1 Apr 2013 12:51:59 +1300
Subject: mesa: don't memcmp() off the end of a cache key.

Reported-by: `per` in #intel-gfx

The size of the cache key varies, so store the actual size as well as
the key blob itself, rather than just assuming it's the same as the size
passed in.

NOTE: This is a candidate for stable branches.

V2: Don't leave silly holes in structure; use unsigned instead of GLuint.
V3: Fix missing case for `last` match.

Signed-off-by: Chris Forbes <chrisf@ijw.co.nz>
Reviewed-by: Paul Berry <stereotype441@gmail.com>
(cherry picked from commit c4629ad3f9440ec7ad3d9f4881d0aba41a93f2f5)
---
 src/mesa/program/prog_cache.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/mesa/program/prog_cache.c b/src/mesa/program/prog_cache.c
index 2ccedb5d7d..30a1ae11f0 100644
--- a/src/mesa/program/prog_cache.c
+++ b/src/mesa/program/prog_cache.c
@@ -37,6 +37,7 @@
 struct cache_item
 {
    GLuint hash;
+   unsigned keysize;
    void *key;
    struct gl_program *program;
    struct cache_item *next;
@@ -174,7 +175,8 @@ struct gl_program *
 _mesa_search_program_cache(struct gl_program_cache *cache,
                            const void *key, GLuint keysize)
 {
-   if (cache->last && 
+   if (cache->last &&
+       cache->last->keysize == keysize &&
        memcmp(cache->last->key, key, keysize) == 0) {
       return cache->last->program;
    }
@@ -183,7 +185,10 @@ _mesa_search_program_cache(struct gl_program_cache *cache,
       struct cache_item *c;
 
       for (c = cache->items[hash % cache->size]; c; c = c->next) {
-         if (c->hash == hash && memcmp(c->key, key, keysize) == 0) {
+         if (c->hash == hash &&
+             c->keysize == keysize &&
+             memcmp(c->key, key, keysize) == 0) {
+
             cache->last = c;
             return c->program;
          }
@@ -207,6 +212,7 @@ _mesa_program_cache_insert(struct gl_context *ctx,
 
    c->key = malloc(keysize);
    memcpy(c->key, key, keysize);
+   c->keysize = keysize;
 
    c->program = program;  /* no refcount change */
 
@@ -235,6 +241,7 @@ _mesa_shader_cache_insert(struct gl_context *ctx,
 
    c->key = malloc(keysize);
    memcpy(c->key, key, keysize);
+   c->keysize = keysize;
 
    c->program = (struct gl_program *)program;  /* no refcount change */
 
-- 
cgit v1.2.3