asahi,agx: Fix stack buffer overflow in agx_link_varyings_vs_fs

Discovered while running dEQP-EGL under address sanitizer.

Fixes: f3877f56ba7 ("asahi,agx: Rewrite varying linking")
Signed-off-by: Janne Grunau <j@jannau.net>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/24635>

diff --git a/src/gallium/drivers/asahi/agx_state.c b/src/gallium/drivers/asahi/agx_state.c
index 160d81e..15d39ab 100644 (file)
--- a/src/gallium/drivers/asahi/agx_state.c
+++ b/src/gallium/drivers/asahi/agx_state.c
@@ -1489,8 +1489,8 @@ agx_link_varyings_vs_fs(struct agx_pool *pool, struct agx_varyings_vs *vs,
 
    /* I don't understand why the data structures are repeated thrice */
    for (unsigned i = 0; i < 3; ++i) {
-      memcpy(((uint8_t *)ptr.cpu) + (i * linkage_size),
-             ((uint8_t *)tmp) + (i * linkage_size), linkage_size);
+      memcpy(((uint8_t *)ptr.cpu) + (i * linkage_size), (uint8_t *)tmp,
+             linkage_size);
    }
 
    return ptr.gpu;