From 414be86c96836b35571185da776d2bce1b620c6a Mon Sep 17 00:00:00 2001
From: Chad Versace <chad.versace@linux.intel.com>
Date: Tue, 18 Nov 2014 21:11:26 -0800
Subject: [PATCH] i965: Use safer pointer arithmetic in gather_oa_results()

This patch reduces the likelihood of pointer arithmetic overflow bugs in
gather_oa_results(), like the one fixed by b69c7c5dac.

I haven't yet encountered any overflow bugs in the wild along this
patch's codepath. But I get nervous when I see code patterns like this:

   (void*) + (int) * (int)

I smell 32-bit overflow all over this code.

This patch retypes 'snapshot_size' to 'ptrdiff_t', which should fix any
potential overflow.

Reviewed-by: Kenneth Graunke <kenneth@whitecape.org>
Signed-off-by: Chad Versace <chad.versace@linux.intel.com>
---
 src/mesa/drivers/dri/i965/brw_performance_monitor.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mesa/drivers/dri/i965/brw_performance_monitor.c b/src/mesa/drivers/dri/i965/brw_performance_monitor.c
index edfa3d2ec2a..e683e40e55f 100644
--- a/src/mesa/drivers/dri/i965/brw_performance_monitor.c
+++ b/src/mesa/drivers/dri/i965/brw_performance_monitor.c
@@ -907,7 +907,7 @@ gather_oa_results(struct brw_context *brw,
       return;
    }
 
-   const int snapshot_size = brw->perfmon.entries_per_oa_snapshot;
+   const ptrdiff_t snapshot_size = brw->perfmon.entries_per_oa_snapshot;
 
    /* First, add the contributions from the "head" interval:
     * (snapshot taken at BeginPerfMonitor time,
-- 
2.30.2