[Mesa-dev] [PATCH 07/10] nv50: assert before trying to out-of-bounds access textures

Emil Velikov emil.l.velikov at gmail.com
Thu Jan 16 10:44:56 PST 2014


Signed-off-by: Emil Velikov <emil.l.velikov at gmail.com>
---
 src/gallium/drivers/nouveau/nv50/nv50_context.c | 2 ++
 src/gallium/drivers/nouveau/nv50/nv50_state.c   | 2 ++
 src/gallium/drivers/nouveau/nv50/nv50_tex.c     | 1 +
 3 files changed, 5 insertions(+)

diff --git a/src/gallium/drivers/nouveau/nv50/nv50_context.c b/src/gallium/drivers/nouveau/nv50/nv50_context.c
index a4ec93a..8183b01 100644
--- a/src/gallium/drivers/nouveau/nv50/nv50_context.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_context.c
@@ -87,6 +87,7 @@ nv50_context_unreference_resources(struct nv50_context *nv50)
    pipe_resource_reference(&nv50->idxbuf.buffer, NULL);
 
    for (s = 0; s < 3; ++s) {
+      assert(nv50->num_textures[s] <= PIPE_MAX_SAMPLERS);
       for (i = 0; i < nv50->num_textures[s]; ++i)
          pipe_sampler_view_reference(&nv50->textures[s][i], NULL);
 
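Review bot: The added `assert(nv50->num_textures[s] <= PIPE_MAX_SAMPLERS)` is compiled out of non-debug builds, so a release driver still indexes `nv50->textures[s][i]` with whatever count is stored. The same holds for the asserts added in nv50_invalidate_resource_storage, in the second loop of nv50_stage_set_sampler_views and in nv50_validate_tic. If the count can really exceed the array, these read paths need a bound that survives release builds. If it cannot, a comment beside the assert such as `/* invariant: num_textures[s] is bounded where the sampler views are set */` would tell readers the asserts only document that guarantee. The `for (s ...)` loop closes outside this hunk.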
@@ -168,6 +169,7 @@ nv50_invalidate_resource_storage(struct nouveau_context *ctx,
 
    if (res->bind & PIPE_BIND_SAMPLER_VIEW) {
       for (s = 0; s < 3; ++s) {
+      assert(nv50->num_textures[s] <= PIPE_MAX_SAMPLERS);
       for (i = 0; i < nv50->num_textures[s]; ++i) {
          if (nv50->textures[s][i] &&
              nv50->textures[s][i]->texture == res) {
diff --git a/src/gallium/drivers/nouveau/nv50/nv50_state.c b/src/gallium/drivers/nouveau/nv50/nv50_state.c
index 5488cac..b07856c 100644
--- a/src/gallium/drivers/nouveau/nv50/nv50_state.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_state.c
@@ -646,6 +646,7 @@ nv50_stage_set_sampler_views(struct nv50_context *nv50, int s,
 {
    unsigned i;
 
+   assert(nr <= PIPE_MAX_SAMPLERS);
    for (i = 0; i < nr; ++i) {
       struct nv50_tic_entry *old = nv50_tic_entry(nv50->textures[s][i]);
       if (old)
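Review bot: `nr` comes from the caller, and this first loop is where `nv50->textures[s][i]` is written through `pipe_sampler_view_reference`, so an assert alone leaves a non-debug build writing past the array when `nr` is too large. A bound that stays in release builds belongs here, for example `if (nr > PIPE_MAX_SAMPLERS) nr = PIPE_MAX_SAMPLERS;` ahead of the loop, with the assert kept in front of it to flag the caller bug in debug builds. Bounding the count on this write path is also what would make the read-side asserts elsewhere in the patch true by construction. This assumes `textures[s]` holds PIPE_MAX_SAMPLERS entries, which the patch title implies but the hunk does not show. The function body continues past this hunk.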
@@ -654,6 +655,7 @@ nv50_stage_set_sampler_views(struct nv50_context *nv50, int s,
       pipe_sampler_view_reference(&nv50->textures[s][i], views[i]);
    }
 
+   assert(nv50->num_textures[s] <= PIPE_MAX_SAMPLERS);
    for (i = nr; i < nv50->num_textures[s]; ++i) {
       struct nv50_tic_entry *old = nv50_tic_entry(nv50->textures[s][i]);
       if (!old)
diff --git a/src/gallium/drivers/nouveau/nv50/nv50_tex.c b/src/gallium/drivers/nouveau/nv50/nv50_tex.c
index f7284fa..f2325cf 100644
--- a/src/gallium/drivers/nouveau/nv50/nv50_tex.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_tex.c
@@ -222,6 +222,7 @@ nv50_validate_tic(struct nv50_context *nv50, int s)
    unsigned i;
    boolean need_flush = FALSE;
 
+   assert(nv50->num_textures[s] <= PIPE_MAX_SAMPLERS);
    for (i = 0; i < nv50->num_textures[s]; ++i) {
       struct nv50_tic_entry *tic = nv50_tic_entry(nv50->textures[s][i]);
       struct nv04_resource *res;
-- 
1.8.5.2


