Mesa (main): anv: fix potential integer overflows
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Mon Jun 28 09:43:53 UTC 2021
Module: Mesa
Branch: main
Commit: d19cf7d572115c2df30abe7a1ff3b6fb35805c16
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=d19cf7d572115c2df30abe7a1ff3b6fb35805c16
Author: Marcin Ślusarz <marcin.slusarz at intel.com>
Date: Thu Jun 24 12:20:33 2021 +0200
anv: fix potential integer overflows
In all cases both variables has a type of uint32_t, so multiplying
them will also generate uint32_t. The results of those multiplications
are used as uint64_t's, so Coverity thinks there might be integer
overflows here.
I don't think it's possible to hit them (query BOs should be relatively
small), but let's avoid those overflows.
CID: 1472820
CID: 1472821
CID: 1472822
CID: 1472824
CID: 1475934
CID: 1475927
Signed-off-by: Marcin Ślusarz <marcin.slusarz at intel.com>
Reviewed-by: Jason Ekstrand <jason at jlekstrand.net>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/11574>
---
src/intel/vulkan/genX_query.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/intel/vulkan/genX_query.c b/src/intel/vulkan/genX_query.c
index ab1d4e9571e..a0c0a8813ff 100644
--- a/src/intel/vulkan/genX_query.c
+++ b/src/intel/vulkan/genX_query.c
@@ -204,7 +204,7 @@ VkResult genX(CreateQueryPool)(
if (pdevice->has_exec_async)
bo_flags |= EXEC_OBJECT_ASYNC;
- uint64_t size = pool->slots * pool->stride;
+ uint64_t size = pool->slots * (uint64_t)pool->stride;
result = anv_device_alloc_bo(device, "query-pool", size,
ANV_BO_ALLOC_MAPPED |
ANV_BO_ALLOC_SNOOPED,
@@ -225,7 +225,7 @@ VkResult genX(CreateQueryPool)(
mi_builder_init(&b, &device->info, &batch);
mi_store(&b, mi_reg64(ANV_PERF_QUERY_OFFSET_REG),
- mi_imm(p * pool->pass_size));
+ mi_imm(p * (uint64_t)pool->pass_size));
anv_batch_emit(&batch, GENX(MI_BATCH_BUFFER_END), bbe);
}
}
@@ -304,13 +304,13 @@ void genX(DestroyQueryPool)(
static uint64_t
khr_perf_query_availability_offset(struct anv_query_pool *pool, uint32_t query, uint32_t pass)
{
- return query * (pool->stride) + pass * pool->pass_size;
+ return query * (uint64_t)pool->stride + pass * (uint64_t)pool->pass_size;
}
static uint64_t
khr_perf_query_data_offset(struct anv_query_pool *pool, uint32_t query, uint32_t pass, bool end)
{
- return query * (pool->stride) + pass * pool->pass_size +
+ return query * (uint64_t)pool->stride + pass * (uint64_t)pool->pass_size +
pool->data_offset + (end ? pool->snapshot_size : 0);
}
More information about the mesa-commit
mailing list