freedreno/ir3: fix indirect cb0 load_ubo lowering

We can no longer assume that `state->ranges[0]` is block 0.  It *often*
is, but when we encounter a "real" ubo that we lower to `load_uniform`
before a block 0 `load_ubo`, it could end up another entry in the table.
Resulting in the second pass after gathering ubo ranges, not finding a
valid range.  Which results in a `load_ubo` for a thing that is not
actually a ubo making it's way into ir3 frontend.  Resulting in grabbing
what we think is a ubo address out of some unrelated const register, and
trying to dereference that.  Which as you can imagine, fails in amusing
ways.

Fixes: fc850080ee3 ("ir3: Rewrite UBO push analysis to support bindless")
Signed-off-by: Rob Clark <robdclark@chromium.org>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/4954>

diff --git a/src/freedreno/ir3/ir3_nir_analyze_ubo_ranges.c b/src/freedreno/ir3/ir3_nir_analyze_ubo_ranges.c
index d8a285073f194502fb8217e501c0cd3c865ae08c..d60c2c64d106644fd2b516ded88a6f25b79c4dac 100644 (file)
--- a/src/freedreno/ir3/ir3_nir_analyze_ubo_ranges.c
+++ b/src/freedreno/ir3/ir3_nir_analyze_ubo_ranges.c
@@ -98,8 +98,8 @@ gather_ubo_ranges(nir_shader *nir, nir_intrinsic_instr *instr,
                        /* If this is an indirect on UBO 0, we'll still lower it back to
                         * load_uniform.  Set the range to cover all of UBO 0.
                         */
-                       state->range[0].start = 0;
-                       state->range[0].end = ALIGN(nir->num_uniforms * 16, 16 * 4);
+                       old_r->start = 0;
+                       old_r->end = ALIGN(nir->num_uniforms * 16, 16 * 4);
                }
 
                return;