From 66e137ecf1e6a77374c0278a02246cff3cab0355 Mon Sep 17 00:00:00 2001
From: Jason Ekstrand <jason.ekstrand@intel.com>
Date: Wed, 18 May 2016 14:56:19 -0700
Subject: [PATCH] nir/lower_samplers: Protect against sampler index overflow

Reviewed-by: Kenneth Graunke <kenneth@whitecape.org>
---
 src/compiler/nir/nir_lower_samplers.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/compiler/nir/nir_lower_samplers.c b/src/compiler/nir/nir_lower_samplers.c
index 0de9eb8..4a43269 100644
--- a/src/compiler/nir/nir_lower_samplers.c
+++ b/src/compiler/nir/nir_lower_samplers.c
@@ -89,7 +89,7 @@ calc_sampler_offsets(nir_deref *tail, nir_tex_instr *instr,
 
 static void
 lower_sampler(nir_tex_instr *instr, const struct gl_shader_program *shader_program,
-              gl_shader_stage stage, nir_builder *builder)
+              gl_shader_stage stage, nir_builder *b)
 {
    if (instr->texture == NULL)
       return;
@@ -102,11 +102,14 @@ lower_sampler(nir_tex_instr *instr, const struct gl_shader_program *shader_progr
    unsigned array_elements = 1;
    nir_ssa_def *indirect = NULL;
 
-   builder->cursor = nir_before_instr(&instr->instr);
+   b->cursor = nir_before_instr(&instr->instr);
    calc_sampler_offsets(&instr->texture->deref, instr, &array_elements,
-                        &indirect, builder, &location);
+                        &indirect, b, &location);
 
    if (indirect) {
+      assert(array_elements >= 1);
+      indirect = nir_umin(b, indirect, nir_imm_int(b, array_elements - 1));
+
       /* First, we have to resize the array of texture sources */
       nir_tex_src *new_srcs = rzalloc_array(instr, nir_tex_src,
                                             instr->num_srcs + 2);
-- 
2.7.4