projects / mesa.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6a53b81)
nv50: assert before trying to out-of-bounds access samplers
authorEmil Velikov <emil.l.velikov@gmail.com>
Thu, 16 Jan 2014 17:29:42 +0000 (17:29 +0000)
committerEmil Velikov <emil.l.velikov@gmail.com>
Sat, 18 Jan 2014 19:17:37 +0000 (19:17 +0000)
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Ilia Mirkin <imirkin@alum.mit.edu>
src/gallium/drivers/nouveau/nv50/nv50_state.c patch | blob | history
src/gallium/drivers/nouveau/nv50/nv50_tex.c patch | blob | history

diff --git a/src/gallium/drivers/nouveau/nv50/nv50_state.c b/src/gallium/drivers/nouveau/nv50/nv50_state.c
index c59a096f1c99309bb2c5031d73230b7a66ae09e5..247f295f8bc73e8a6b2c27e62b71b5ec57fe8c15 100644 (file)
--- a/src/gallium/drivers/nouveau/nv50/nv50_state.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_state.c
@@ -557,6 +557,7 @@ nv50_sampler_state_delete(struct pipe_context *pipe, void *hwcso)
    unsigned s, i;
 
    for (s = 0; s < 3; ++s)
+      assert(nv50_context(pipe)->num_samplers[s] <= PIPE_MAX_SAMPLERS);
       for (i = 0; i < nv50_context(pipe)->num_samplers[s]; ++i)
          if (nv50_context(pipe)->samplers[s][i] == hwcso)
             nv50_context(pipe)->samplers[s][i] = NULL;
@@ -572,6 +573,7 @@ nv50_stage_sampler_states_bind(struct nv50_context *nv50, int s,
 {
    unsigned i;
 
+   assert(nr <= PIPE_MAX_SAMPLERS);
    for (i = 0; i < nr; ++i) {
       struct nv50_tsc_entry *old = nv50->samplers[s][i];
 
@@ -579,6 +581,7 @@ nv50_stage_sampler_states_bind(struct nv50_context *nv50, int s,
       if (old)
          nv50_screen_tsc_unlock(nv50->screen, old);
    }
+   assert(nv50->num_samplers[s] <= PIPE_MAX_SAMPLERS);
    for (; i < nv50->num_samplers[s]; ++i)
       if (nv50->samplers[s][i])
          nv50_screen_tsc_unlock(nv50->screen, nv50->samplers[s][i]);
diff --git a/src/gallium/drivers/nouveau/nv50/nv50_tex.c b/src/gallium/drivers/nouveau/nv50/nv50_tex.c
index f2325cff92073a196421b525adb5ff822813ead1..bd47bf879e5b02116e6d526e55940f66ab6b011f 100644 (file)
--- a/src/gallium/drivers/nouveau/nv50/nv50_tex.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_tex.c
@@ -309,6 +309,7 @@ nv50_validate_tsc(struct nv50_context *nv50, int s)
    unsigned i;
    boolean need_flush = FALSE;
 
+   assert(nv50->num_samplers[s] <= PIPE_MAX_SAMPLERS);
    for (i = 0; i < nv50->num_samplers[s]; ++i) {
       struct nv50_tsc_entry *tsc = nv50_tsc_entry(nv50->samplers[s][i]);