zink: protect against invalid scissored renderpass clears

if the clear region is oob, this is illegal and may crash some drivers

fixes (lavapipe):
dEQP-EGL.functional.swap_buffers_with_damage.resize_before_swap.buffer_age_clear_render
dEQP-EGL.functional.swap_buffers_with_damage.resize_before_swap.buffer_age_render_clear

cc: mesa-stable

Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/20584>
(cherry picked from commit 6f02fe8842f9fc6e0cecad533451a6402539c027)

diff --git a/.pick_status.json b/.pick_status.json
index 53bb5f5..b4cfd22 100644 (file)
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -1255,7 +1255,7 @@
         "description": "zink: protect against invalid scissored renderpass clears",
         "nominated": true,
         "nomination_type": 0,
-        "resolution": 0,
+        "resolution": 1,
         "main_sha": null,
         "because_sha": null
     },

diff --git a/src/gallium/drivers/zink/zink_clear.c b/src/gallium/drivers/zink/zink_clear.c
index eaebcb3..cfb66df 100644 (file)
--- a/src/gallium/drivers/zink/zink_clear.c
+++ b/src/gallium/drivers/zink/zink_clear.c
@@ -88,6 +88,9 @@ clear_in_rp(struct pipe_context *pctx,
 
    VkClearRect cr = {0};
    if (scissor_state) {
+      /* invalid clear */
+      if (scissor_state->minx > ctx->fb_state.width || scissor_state->miny > ctx->fb_state.height)
+         return;
       cr.rect.offset.x = scissor_state->minx;
       cr.rect.offset.y = scissor_state->miny;
       cr.rect.extent.width = MIN2(fb->width, scissor_state->maxx - scissor_state->minx);