From 3f8894b0f7c32856a868e255445610ee82efdf70 Mon Sep 17 00:00:00 2001
From: Janne Grunau <j@jannau.net>
Date: Sat, 29 Jul 2023 19:12:09 +0200
Subject: [PATCH] asahi,agx: Fix stack buffer overflow in
 agx_link_varyings_vs_fs

Discovered while running dEQP-EGL under address sanitizer.

Fixes: f3877f56ba7 ("asahi,agx: Rewrite varying linking")
Signed-off-by: Janne Grunau <j@jannau.net>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/24635>
---
 src/gallium/drivers/asahi/agx_state.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/gallium/drivers/asahi/agx_state.c b/src/gallium/drivers/asahi/agx_state.c
index 160d81e..15d39ab 100644
--- a/src/gallium/drivers/asahi/agx_state.c
+++ b/src/gallium/drivers/asahi/agx_state.c
@@ -1489,8 +1489,8 @@ agx_link_varyings_vs_fs(struct agx_pool *pool, struct agx_varyings_vs *vs,
 
    /* I don't understand why the data structures are repeated thrice */
    for (unsigned i = 0; i < 3; ++i) {
-      memcpy(((uint8_t *)ptr.cpu) + (i * linkage_size),
-             ((uint8_t *)tmp) + (i * linkage_size), linkage_size);
+      memcpy(((uint8_t *)ptr.cpu) + (i * linkage_size), (uint8_t *)tmp,
+             linkage_size);
    }
 
    return ptr.gpu;
-- 
2.7.4