projects / mesa.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a9b32f2)
iris: Clamp UBO and SSBO access to the actual BO size, for safety
authorKenneth Graunke <kenneth@whitecape.org>
Mon, 22 Oct 2018 21:35:33 +0000 (14:35 -0700)
committerKenneth Graunke <kenneth@whitecape.org>
Thu, 21 Feb 2019 18:26:09 +0000 (10:26 -0800)
src/gallium/drivers/iris/iris_state.c patch | blob | history

diff --git a/src/gallium/drivers/iris/iris_state.c b/src/gallium/drivers/iris/iris_state.c
index de4adffce9d23f81afe48cbbb0c1c7d61f57f5b3..e3ae6a6fceba965959c9d5b1bbaffd0463c66bc1 100644 (file)
--- a/src/gallium/drivers/iris/iris_state.c
+++ b/src/gallium/drivers/iris/iris_state.c
@@ -2112,7 +2112,8 @@ iris_set_constant_buffer(struct pipe_context *ctx,
 
       isl_buffer_fill_state(&screen->isl_dev, map,
                             .address = res->bo->gtt_offset + cbuf->data.offset,
-                            .size_B = input->buffer_size,
+                            .size_B = MIN2(input->buffer_size,
+                                           res->bo->size - cbuf->data.offset),
                             .format = ISL_FORMAT_R32G32B32A32_FLOAT,
                             .stride_B = 1,
                             .mocs = MOCS_WB)
@@ -2169,7 +2170,9 @@ iris_set_shader_buffers(struct pipe_context *ctx,
          isl_buffer_fill_state(&screen->isl_dev, map,
                                .address =
                                   res->bo->gtt_offset + buffer->buffer_offset,
-                               .size_B = buffer->buffer_size,
+                               .size_B =
+                                  MIN2(buffer->buffer_size,
+                                       res->bo->size - buffer->buffer_offset),
                                .format = ISL_FORMAT_RAW,
                                .stride_B = 1,
                                .mocs = MOCS_WB);