softpipe: Sanity check that the SSBO view offset is within the BO.

If we're going to check that the size matches, we should consider the
buffer offset too.  I haven't tracked down any testcases doing this, but
it seems obviously correct.

Reviewed-by: Dave Airlie <airlied@redhat.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/8276>

diff --git a/src/gallium/drivers/softpipe/sp_buffer.c b/src/gallium/drivers/softpipe/sp_buffer.c
index fdc21b9..ce79417 100644 (file)
--- a/src/gallium/drivers/softpipe/sp_buffer.c
+++ b/src/gallium/drivers/softpipe/sp_buffer.c
@@ -40,8 +40,11 @@ sp_tgsi_ssbo_lookup(const struct tgsi_buffer *buffer,
 
    struct pipe_shader_buffer *bview = &sp_buf->sp_bview[unit];
    /* Sanity check the view size is within our buffer. */
-   if (!bview->buffer || bview->buffer_size > bview->buffer->width0)
+   if (!bview->buffer ||
+       bview->buffer_offset > bview->buffer->width0 ||
+       bview->buffer_size > bview->buffer->width0 - bview->buffer_offset) {
       return NULL;
+   }
 
    struct softpipe_resource *spr = softpipe_resource(bview->buffer);
    *size = bview->buffer_size;