From ecb71cfa66f4257661579a0afa5f9c56c7dbfce2 Mon Sep 17 00:00:00 2001
From: Rob Clark <robclark@freedesktop.org>
Date: Sun, 2 Mar 2014 08:48:08 -0500
Subject: [PATCH] freedreno/a3xx/compiler: overflow in trans_endif

The logic to count number of block outputs was out of sync with the
actual array construction.  But to simplify / make things less fragile,
we can just allocate the arrays for worst case size.

Signed-off-by: Rob Clark <robclark@freedesktop.org>
---
 .../drivers/freedreno/a3xx/fd3_compiler.c      | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/src/gallium/drivers/freedreno/a3xx/fd3_compiler.c b/src/gallium/drivers/freedreno/a3xx/fd3_compiler.c
index 7450fac23c1..9b644742615 100644
--- a/src/gallium/drivers/freedreno/a3xx/fd3_compiler.c
+++ b/src/gallium/drivers/freedreno/a3xx/fd3_compiler.c
@@ -1427,19 +1427,9 @@ trans_endif(const struct instr_translater *t,
 	if (!elseb)
 		elseb = ifb->parent;
 
-	/* count up number of outputs for each block: */
-	for (i = 0; i < ifb->ntemporaries; i++) {
-		if (ifb->temporaries[i])
-			ifnout++;
-		if (elseb->temporaries[i])
-			elsenout++;
-	}
-	for (i = 0; i < ifb->noutputs; i++) {
-		if (ifb->outputs[i])
-			ifnout++;
-		if (elseb->outputs[i])
-			elsenout++;
-	}
+	/* worst case sizes: */
+	ifnout = ifb->ntemporaries + ifb->noutputs;
+	elsenout = elseb->ntemporaries + elseb->noutputs;
 
 	ifout = ir3_alloc(ctx->ir, sizeof(ifb->outputs[0]) * ifnout);
 	if (elseb != ifb->parent)
@@ -1480,6 +1470,8 @@ trans_endif(const struct instr_translater *t,
 		}
 	}
 
+	compile_assert(ctx, ifb->noutputs == elseb->noutputs);
+
 	/* .. and any outputs written: */
 	for (i = 0; i < ifb->noutputs; i++) {
 		struct ir3_instruction *a = ifb->outputs[i];
-- 
2.30.2