From c791fae67b2f4ce8a3cdebd5eb89bb18ff685ed7 Mon Sep 17 00:00:00 2001
From: Karol Herbst <kherbst@redhat.com>
Date: Sat, 20 Aug 2022 18:54:32 +0200
Subject: [PATCH] nouveau/ws: bound check nouveau_ws_push_append

Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/24326>
---
 src/nouveau/winsys/nouveau_push.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/nouveau/winsys/nouveau_push.c b/src/nouveau/winsys/nouveau_push.c
index fcf1ea3..63ead93 100644
--- a/src/nouveau/winsys/nouveau_push.c
+++ b/src/nouveau/winsys/nouveau_push.c
@@ -94,6 +94,9 @@ nouveau_ws_push_append(struct nouveau_ws_push *push,
    assert(other->bos.size == 0);
 
    size_t count = other->map - other->orig_map;
+
+   assert(push->map + count <= push->end);
+
    memcpy(push->map, other->orig_map, count * sizeof(*push->map));
    push->map += count;
    push->last_size = NULL;
-- 
2.7.4