In _mesa_add_parameter, in prog_parameter.c, |values| represents an

array holding a variable number of values. These values get copied out
of the array 4 at a time with the COPY_4V macro, however, the array
might only contain a single element. In this case, ASAN reports a
read-before-initialize because the last 3 of the 4 elements haven't
been written to yet.

This patch should be upstreamed to Mesa.

BUG=238755
NOTRY=true

Review URL: https://chromiumcodereview.appspot.com/17122007

git-svn-id: svn://svn.chromium.org/chrome/trunk/deps/third_party/mesa@206770 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 12 insertions, 1 deletions

diff --git a/src/mesa/program/prog_parameter.c b/src/mesa/program/prog_parameter.c
index 2018fa5..533eefa 100644
--- a/src/mesa/program/prog_parameter.c
+++ b/src/mesa/program/prog_parameter.c
@@ -158,7 +158,18 @@ _mesa_add_parameter(struct gl_program_parameter_list *paramList,
          p->DataType = datatype;
          p->Flags = flags;
          if (values) {
-            COPY_4V(paramList->ParameterValues[oldNum + i], values);
+            if (size >= (i+1)*4) {
+               COPY_4V(paramList->ParameterValues[oldNum + i], values);
+            } else {
+               /* silence asan */
+               for (j = 0; j < 4; j++) {
+                  if (i*4+j < size) {
+                     paramList->ParameterValues[oldNum + i][j] = values[i*4+j];
+                  } else {
+                     paramList->ParameterValues[oldNum + i][j].f = 0.0f;
+                  }
+               }
+            }
             values += 4;
             p->Initialized = GL_TRUE;
          }