nv50: access only the available amount of constbuf

The textures array is defined as a number of NV50_MAX_PIPE_CONSTBUFS
per shader stage. Currently the nv50 driver handles only 3 shader
stages, thus we wreck chaos when accessing array-out-of-bounds.

Cc: 9.1 9.2 10.0 <mesa-stable@lists.freedesktop.org>
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Ilia Mirkin <imirkin@alum.mit.edu>

diff --git a/src/gallium/drivers/nouveau/nv50/nv50_context.c b/src/gallium/drivers/nouveau/nv50/nv50_context.c
index eb345dc24bc3417ae23290699741eb5298c199ba..bd00b5014468db77eb339aca5937894b1305b752 100644 (file)
--- a/src/gallium/drivers/nouveau/nv50/nv50_context.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_context.c
@@ -179,7 +179,7 @@ nv50_invalidate_resource_storage(struct nouveau_context *ctx,
    }
 
    if (res->bind & PIPE_BIND_CONSTANT_BUFFER) {
-      for (s = 0; s < 5; ++s) {
+      for (s = 0; s < 3; ++s) {
       for (i = 0; i < nv50->num_vtxbufs; ++i) {
          if (!nv50->constbuf[s][i].user &&
              nv50->constbuf[s][i].u.buf == res) {