From: Alyssa Rosenzweig <alyssa.rosenzweig@collabora.com>
Date: Wed, 21 Aug 2019 16:02:40 +0000 (-0700)
Subject: pan/bifrost: Avoid buffer overflow in disassembler
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=cda0ec67e6a615c10ac75e7345c8982637526d8c;p=mesa.git

pan/bifrost: Avoid buffer overflow in disassembler

This path shouldn't be possible for in-spec shaders, but let's be
defensive. (Because security, right? Mostly because Coverity.)

Signed-off-by: Alyssa Rosenzweig <alyssa.rosenzweig@collabora.com>
---

diff --git a/src/panfrost/bifrost/disassemble.c b/src/panfrost/bifrost/disassemble.c
index c7e131d5d5b..19592e21b41 100644
--- a/src/panfrost/bifrost/disassemble.c
+++ b/src/panfrost/bifrost/disassemble.c
@@ -2177,7 +2177,7 @@ bool dump_clause(uint32_t *words, unsigned *size, unsigned offset, bool verbose)
                                 // share a buffer in the decoder, but we only care about
                                 // the position in the constant stream; the total number of
                                 // instructions is redundant.
-                                unsigned const_idx = 7;
+                                unsigned const_idx = 0;
                                 switch (pos) {
                                 case 0:
                                 case 1:
@@ -2205,9 +2205,12 @@ bool dump_clause(uint32_t *words, unsigned *size, unsigned offset, bool verbose)
                                         break;
                                 default:
                                         printf("# unknown pos 0x%x\n", pos);
+                                        break;
                                 }
+
                                 if (num_consts < const_idx + 2)
                                         num_consts = const_idx + 2;
+
                                 consts[const_idx] = const0;
                                 consts[const_idx + 1] = const1;
                                 done = stop;