From 3805a864b1df00ddb6053f616435326f31007663 Mon Sep 17 00:00:00 2001 From: Emil Velikov Date: Thu, 16 Jan 2014 17:29:42 +0000 Subject: [PATCH] nv50: assert before trying to out-of-bounds access samplers Signed-off-by: Emil Velikov Reviewed-by: Ilia Mirkin --- src/gallium/drivers/nouveau/nv50/nv50_state.c | 3 +++ src/gallium/drivers/nouveau/nv50/nv50_tex.c | 1 + 2 files changed, 4 insertions(+) diff --git a/src/gallium/drivers/nouveau/nv50/nv50_state.c b/src/gallium/drivers/nouveau/nv50/nv50_state.c index c59a096..247f295 100644 --- a/src/gallium/drivers/nouveau/nv50/nv50_state.c +++ b/src/gallium/drivers/nouveau/nv50/nv50_state.c @@ -557,6 +557,7 @@ nv50_sampler_state_delete(struct pipe_context *pipe, void *hwcso) unsigned s, i; for (s = 0; s < 3; ++s) + assert(nv50_context(pipe)->num_samplers[s] <= PIPE_MAX_SAMPLERS); for (i = 0; i < nv50_context(pipe)->num_samplers[s]; ++i) if (nv50_context(pipe)->samplers[s][i] == hwcso) nv50_context(pipe)->samplers[s][i] = NULL; @@ -572,6 +573,7 @@ nv50_stage_sampler_states_bind(struct nv50_context *nv50, int s, { unsigned i; + assert(nr <= PIPE_MAX_SAMPLERS); for (i = 0; i < nr; ++i) { struct nv50_tsc_entry *old = nv50->samplers[s][i]; @@ -579,6 +581,7 @@ nv50_stage_sampler_states_bind(struct nv50_context *nv50, int s, if (old) nv50_screen_tsc_unlock(nv50->screen, old); } + assert(nv50->num_samplers[s] <= PIPE_MAX_SAMPLERS); for (; i < nv50->num_samplers[s]; ++i) if (nv50->samplers[s][i]) nv50_screen_tsc_unlock(nv50->screen, nv50->samplers[s][i]); diff --git a/src/gallium/drivers/nouveau/nv50/nv50_tex.c b/src/gallium/drivers/nouveau/nv50/nv50_tex.c index f2325cf..bd47bf8 100644 --- a/src/gallium/drivers/nouveau/nv50/nv50_tex.c +++ b/src/gallium/drivers/nouveau/nv50/nv50_tex.c @@ -309,6 +309,7 @@ nv50_validate_tsc(struct nv50_context *nv50, int s) unsigned i; boolean need_flush = FALSE; + assert(nv50->num_samplers[s] <= PIPE_MAX_SAMPLERS); for (i = 0; i < nv50->num_samplers[s]; ++i) { struct nv50_tsc_entry *tsc = nv50_tsc_entry(nv50->samplers[s][i]); -- 2.7.4