Mesa (master): softpipe: Sanity check that the SSBO view offset is within the BO.

[GitLab Mirror]

Module: Mesa
Branch: master
Commit: ff2601ffec1ee1c7201bcbcb349c50080d7cce95
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=ff2601ffec1ee1c7201bcbcb349c50080d7cce95

Author: Eric Anholt <eric at anholt.net>
Date:   Wed Dec 30 12:51:04 2020 -0800

softpipe: Sanity check that the SSBO view offset is within the BO.

If we're going to check that the size matches, we should consider the
buffer offset too.  I haven't tracked down any testcases doing this, but
it seems obviously correct.

Reviewed-by: Dave Airlie <airlied at redhat.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/8276>

---

 src/gallium/drivers/softpipe/sp_buffer.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/gallium/drivers/softpipe/sp_buffer.c b/src/gallium/drivers/softpipe/sp_buffer.c
index fdc21b96eb7..ce794171d10 100644
--- a/src/gallium/drivers/softpipe/sp_buffer.c
+++ b/src/gallium/drivers/softpipe/sp_buffer.c
@@ -40,8 +40,11 @@ sp_tgsi_ssbo_lookup(const struct tgsi_buffer *buffer,
 
    struct pipe_shader_buffer *bview = &sp_buf->sp_bview[unit];
    /* Sanity check the view size is within our buffer. */
-   if (!bview->buffer || bview->buffer_size > bview->buffer->width0)
+   if (!bview->buffer ||
+       bview->buffer_offset > bview->buffer->width0 ||
+       bview->buffer_size > bview->buffer->width0 - bview->buffer_offset) {
       return NULL;
+   }
 
    struct softpipe_resource *spr = softpipe_resource(bview->buffer);
    *size = bview->buffer_size;