pan/bifrost: Avoid buffer overflow in disassembler
authorAlyssa Rosenzweig <alyssa.rosenzweig@collabora.com>
Wed, 21 Aug 2019 16:02:40 +0000 (09:02 -0700)
committerAlyssa Rosenzweig <alyssa.rosenzweig@collabora.com>
Wed, 21 Aug 2019 17:38:31 +0000 (10:38 -0700)
This path shouldn't be possible for in-spec shaders, but let's be
defensive. (Because security, right? Mostly because Coverity.)

Signed-off-by: Alyssa Rosenzweig <alyssa.rosenzweig@collabora.com>
src/panfrost/bifrost/disassemble.c

index c7e131d5d5b4a99ba422898511fa422831562085..19592e21b41f7105d2c82d2f8ea5231a3c6b53a5 100644 (file)
@@ -2177,7 +2177,7 @@ bool dump_clause(uint32_t *words, unsigned *size, unsigned offset, bool verbose)
                                 // share a buffer in the decoder, but we only care about
                                 // the position in the constant stream; the total number of
                                 // instructions is redundant.
-                                unsigned const_idx = 7;
+                                unsigned const_idx = 0;
                                 switch (pos) {
                                 case 0:
                                 case 1:
@@ -2205,9 +2205,12 @@ bool dump_clause(uint32_t *words, unsigned *size, unsigned offset, bool verbose)
                                         break;
                                 default:
                                         printf("# unknown pos 0x%x\n", pos);
+                                        break;
                                 }
+
                                 if (num_consts < const_idx + 2)
                                         num_consts = const_idx + 2;
+
                                 consts[const_idx] = const0;
                                 consts[const_idx + 1] = const1;
                                 done = stop;