From 5e130f237173a9fc241d7df4d989d046206ba3b2 Mon Sep 17 00:00:00 2001
From: Emil Velikov
Date: Thu, 16 Jan 2014 16:35:27 +0000
Subject: [PATCH] nv50: assert before trying to out-of-bounds access constbuf

Signed-off-by: Emil Velikov
Reviewed-by: Ilia Mirkin
---
 src/gallium/drivers/nouveau/nv50/nv50_context.c | 1 +
 src/gallium/drivers/nouveau/nv50/nv50_shader_state.c | 2 ++
 src/gallium/drivers/nouveau/nv50/nv50_state.c | 1 +
 3 files changed, 4 insertions(+)

diff --git a/src/gallium/drivers/nouveau/nv50/nv50_context.c b/src/gallium/drivers/nouveau/nv50/nv50_context.c
index bd00b501446..9ea425e4c9b 100644
--- a/src/gallium/drivers/nouveau/nv50/nv50_context.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_context.c
@@ -180,6 +180,7 @@ nv50_invalidate_resource_storage(struct nouveau_context *ctx,
 if (res->bind & PIPE_BIND_CONSTANT_BUFFER) {
 for (s = 0; s < 3; ++s) {
+ assert(nv50->num_vtxbufs <= NV50_MAX_PIPE_CONSTBUFS);
 for (i = 0; i < nv50->num_vtxbufs; ++i) {
 if (!nv50->constbuf[s][i].user && nv50->constbuf[s][i].u.buf == res) {
diff --git a/src/gallium/drivers/nouveau/nv50/nv50_shader_state.c b/src/gallium/drivers/nouveau/nv50/nv50_shader_state.c
index 9144fc48d95..c44d208670d 100644
--- a/src/gallium/drivers/nouveau/nv50/nv50_shader_state.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_shader_state.c
@@ -47,6 +47,8 @@ nv50_constbufs_validate(struct nv50_context *nv50)
 while (nv50->constbuf_dirty[s]) {
 const int i = ffs(nv50->constbuf_dirty[s]) - 1;
+
+ assert(i < NV50_MAX_PIPE_CONSTBUFS);
 nv50->constbuf_dirty[s] &= ~(1 << i);
 if (nv50->constbuf[s][i].user) {
diff --git a/src/gallium/drivers/nouveau/nv50/nv50_state.c b/src/gallium/drivers/nouveau/nv50/nv50_state.c
index 87dd07f9c01..6b5a28893d4 100644
--- a/src/gallium/drivers/nouveau/nv50/nv50_state.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_state.c
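Review bot: The added assert bounds `nv50->num_vtxbufs`, yet the loop under it indexes `nv50->constbuf[s][i]`, so a counter that by its name belongs to the vertex buffers is deciding how far the constant-buffer array is walked. assert() expands to nothing when NDEBUG is defined, so in such builds the read past `constbuf[s]` is still reachable whenever that count exceeds the limit; the asserts added in nv50_shader_state.c and nv50_state.c are debug-only in the same way. Bounding the loop by the array's own size, `for (i = 0; i < NV50_MAX_PIPE_CONSTBUFS; ++i) {`, would make the assert unnecessary, assuming unused slots are left with a NULL `u.buf` (not visible in this hunk). If the assert stays, it does not depend on `s` and can sit above the outer loop. The function body starts and ends outside the hunk.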
@@ -786,6 +786,7 @@ nv50_set_constant_buffer(struct pipe_context *pipe, uint shader, uint index,
 if (shader == PIPE_SHADER_COMPUTE) return;
+ assert(i < NV50_MAX_PIPE_CONSTBUFS);
 if (nv50->constbuf[s][i].user) nv50->constbuf[s][i].u.buf = NULL;
 else
-- 
2.30.2
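Review bot: `i` looks to be derived from the `index` argument (its declaration is outside the hunk), which makes this the place where a slot number supplied by the caller first reaches `nv50->constbuf[s][i]`, and the `u.buf = NULL` write two lines down is the first access it guards. A runtime rejection here, `if (i >= NV50_MAX_PIPE_CONSTBUFS) return;`, would hold in every build configuration and would let the asserts in the other two files document a real invariant. It is worth checking whether `s` is bounded the same way before it indexes the first dimension. A one-line comment such as `/* slot index is caller-supplied; must fit constbuf[s][] */` would record why the check is there.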