[Mesa-dev] [PATCH 08/10] nv50: assert before trying to out-of-bounds access samplers
Emil Velikov
emil.l.velikov at gmail.com
Thu Jan 16 10:44:57 PST 2014
Signed-off-by: Emil Velikov <emil.l.velikov at gmail.com>
---
src/gallium/drivers/nouveau/nv50/nv50_state.c | 3 +++
src/gallium/drivers/nouveau/nv50/nv50_tex.c | 1 +
2 files changed, 4 insertions(+)
diff --git a/src/gallium/drivers/nouveau/nv50/nv50_state.c b/src/gallium/drivers/nouveau/nv50/nv50_state.c
index b07856c..02755a5 100644
--- a/src/gallium/drivers/nouveau/nv50/nv50_state.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_state.c
@@ -557,6 +557,7 @@ nv50_sampler_state_delete(struct pipe_context *pipe, void *hwcso)
unsigned s, i;
for (s = 0; s < 3; ++s)
+ assert(nv50_context(pipe)->num_samplers[s] <= PIPE_MAX_SAMPLERS);
for (i = 0; i < nv50_context(pipe)->num_samplers[s]; ++i)
if (nv50_context(pipe)->samplers[s][i] == hwcso)
nv50_context(pipe)->samplers[s][i] = NULL;
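Review bot: The new assert sits directly under the unbraced `for (s = 0; s < 3; ++s)`, so as shown it becomes the outer loop's whole body, and the inner `for (i ...)` loop runs only once afterwards with `s == 3`. That indexes `num_samplers[]` and `samplers[][]` one past the three stages the loop covers, and it leaves the deleted `hwcso` pointer in place for stages 0-2, so later code could dereference a freed sampler. With NDEBUG the assert expands to an empty statement and the outcome is the same. Brace the outer loop: `for (s = 0; s < 3; ++s) {` before the assert and a closing `}` after the `samplers[s][i] = NULL;` line. The function body starts and ends outside the hunk, so confirm no brace is hidden from this view.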
@@ -572,6 +573,7 @@ nv50_stage_sampler_states_bind(struct nv50_context *nv50, int s,
{
unsigned i;
+ assert(nr <= PIPE_MAX_SAMPLERS);
for (i = 0; i < nr; ++i) {
struct nv50_tsc_entry *old = nv50->samplers[s][i];
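Review bot: `assert(nr <= PIPE_MAX_SAMPLERS)` only guards debug builds; with NDEBUG it compiles away, and a caller-supplied `nr` still bounds the loop that indexes `nv50->samplers[s][i]` just below. If the bound is worth checking, a runtime guard next to the assert, such as `if (nr > PIPE_MAX_SAMPLERS) nr = PIPE_MAX_SAMPLERS;`, keeps release builds inside the array (assuming its second dimension is PIPE_MAX_SAMPLERS, which the hunk does not show). The same limitation applies to the `num_samplers[s]` asserts added later in this function, in nv50_sampler_state_delete and in nv50_validate_tsc. Those check driver-maintained state, so bounding `nr` here, presumably before it is stored, is what would keep them true. The function continues outside the hunk.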
@@ -579,6 +581,7 @@ nv50_stage_sampler_states_bind(struct nv50_context *nv50, int s,
if (old)
nv50_screen_tsc_unlock(nv50->screen, old);
}
+ assert(nv50->num_samplers[s] <= PIPE_MAX_SAMPLERS);
for (; i < nv50->num_samplers[s]; ++i)
if (nv50->samplers[s][i])
nv50_screen_tsc_unlock(nv50->screen, nv50->samplers[s][i]);
diff --git a/src/gallium/drivers/nouveau/nv50/nv50_tex.c b/src/gallium/drivers/nouveau/nv50/nv50_tex.c
index f2325cf..bd47bf8 100644
--- a/src/gallium/drivers/nouveau/nv50/nv50_tex.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_tex.c
@@ -309,6 +309,7 @@ nv50_validate_tsc(struct nv50_context *nv50, int s)
unsigned i;
boolean need_flush = FALSE;
+ assert(nv50->num_samplers[s] <= PIPE_MAX_SAMPLERS);
for (i = 0; i < nv50->num_samplers[s]; ++i) {
struct nv50_tsc_entry *tsc = nv50_tsc_entry(nv50->samplers[s][i]);
--
1.8.5.2